Virus msn "C'est toi!!??" Résolu

Question

Bonjour à tous,

j'ai lu le topic où Herri avait le même problème que moi c'est à dire le virus msn qui dit "C'est toi?!". Du coup j'ai fais un SDFIx rapport que voici :

SDFix: Version 1.130

Run by dior on 22/01/2008 at 20:42

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\MARION~1\MESDOC~1\LOGICIEL\SDFix

Safe Mode:
Checking Services: 

Name:
ldrsvc
runtime

Path:
%SystemRoot%\System32\svchost.exe -k netsvcs
\??\C:\WINDOWS\System32\driversuntime.sys 

ldrsvc - Deleted
runtime - Deleted



Infected ip6fw.sys Found!

ip6fw.sys File Locations:

"C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 05/08/2004 19:00 
"C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 05/08/2004 19:00 

Infected File Listed Below:

C:\WINDOWS\system32\drivers\ip6fw.sys

File copied to Backups Folder
Attempting to replace ip6fw.sys with original version... 

Original ip6fw.sys Restored
 

Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\-10025~1 - Deleted
C:\TUWWP.EXE - Deleted
C:\Program Files\Dot1XCfg\Dot1XCfg.exe - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\d.exe - Deleted
C:\WINDOWS\17PHolmes1148.exe - Deleted
C:\WINDOWS\b122.exe - Deleted
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe - Deleted
C:\WINDOWS\mrofinu1148.exe - Deleted
C:\WINDOWS\mrofinu1148.exe.tmp - Deleted
C:\DOCUME~1\dior\LOCALS~1\Temp\services.exe  - Deleted



Folder C:\Program Files\Dot1XCfg - Removed
Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\Temporary - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-22 21:10:14
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\drivers\astq.tga"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\ztx86.sys"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\ztx86\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:0000009a
"TracesSuccessful"=dword:00000003

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 52


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Ma‹do Production\IziSpot 4\IziSpot.exe"="C:\Program Files\Ma‹do Production\IziSpot 4\IziSpot.exe:*:Enabled:IziSpot"
"C:\Documents and Settings\dior\Local Settings\Temporary Internet Files\Content.IE5\2QOBTNID\incredimail_install[1].exe"="C:\Documents and Settings\dior\Local Settings\Temporary Internet Files\Content.IE5\2QOBTNID\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Documents and Settings\dior\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe"="C:\Documents and Settings\dior\Local Settings\Temp\ImInstaller\IncrediMail\incredimail_install[1].exe:*:Enabled:IncrediMail Installer"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\AOL 9.0\waol.exe"="C:\Program Files\AOL 9.0\waol.exe:*:Disabled:AOL France"
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"="C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Disabled:BearShare"
"C:\Program Files\eDonkey2000\edonkey2000.exe"="C:\Program Files\eDonkey2000\edonkey2000.exe:*:Disabled:edonkey2000"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
"C:\Program Files\LimeWire\LimeWire.exe"="C:\Program Files\LimeWire\LimeWire.exe:*:Disabled:LimeWire"
"C:\StubInstaller.exe"="C:\StubInstaller.exe:*:Disabled:LimeWire swarmed installer"
"C:\Program Files\Shareaza\Shareaza.exe"="C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza"
"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe"="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe:*:Disabled:Sunbelt Firewall GUI"
"C:\Program Files\OrangeHSS\Browser\Browser.exe"="C:\Program Files\OrangeHSS\Browser\Browser.exe:*:Disabled:Browser"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:æTorrent"
"C:\DOCUME~1\dior\LOCALS~1\Temp\services.exe"="C:\DOCUME~1\dior\LOCALS~1\Temp\services.exe:*:Enabled:Flash Player2"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost"
"C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe"="C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe:*:Enabled:Ad-Aware 2007"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\Program Files\Windows Live\Messenger\livecall.exe"="C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

Remaining Files:
---------------
C:\Program Files\Helper\superfindout.dll Found

File Backups: - C:\DOCUME~1\MARION~1\MESDOC~1\LOGICIEL\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 23 Jun 2006           218 A.SHR --- "C:\BOOT.BAK"
Sat  1 Apr 2006            22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Sun 25 Jun 2006         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 28 Jun 2001     1,679,360 A..H. --- "C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe"
Mon 26 Feb 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 12 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BITED.tmp"
Tue 11 Sep 2007        62,976 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 07-08\AMELIORATION DES MOYENS DE COMS\~WRL0002.tmp"
Thu 19 Apr 2007        29,696 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL1374.tmp"
Thu 19 Apr 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL1410.tmp"
Thu 19 Apr 2007        29,696 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL3801.tmp"
Sat 14 Apr 2007        25,600 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ABI OFFICIELLE\PUBLISHER\Affiche informative. Publisher\~WRL3540.tmp"
Mon 22 Jan 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL0621.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1274.tmp"
Mon 22 Jan 2007        21,504 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1572.tmp"
Mon 22 Jan 2007        20,480 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL2287.tmp"
Mon 22 Jan 2007        23,040 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3444.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3618.tmp"
Mon 22 Jan 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL0621.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1274.tmp"
Mon 22 Jan 2007        21,504 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1572.tmp"
Mon 22 Jan 2007        20,480 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL2287.tmp"
Mon 22 Jan 2007        23,040 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3444.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3618.tmp"
Tue 11 Sep 2007        62,976 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 07-08\AMELIORATION DES MOYENS DE COMS\~WRL0002.tmp"
Thu 19 Apr 2007        29,696 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL1374.tmp"
Thu 19 Apr 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL1410.tmp"
Thu 19 Apr 2007        29,696 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL3801.tmp"
Mon 22 Jan 2007        19,968 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL0003.tmp"
Mon 22 Jan 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL0621.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL1274.tmp"
Mon 22 Jan 2007        21,504 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL1572.tmp"
Mon 22 Jan 2007        20,480 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL2287.tmp"
Mon 22 Jan 2007        23,040 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL3444.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL3618.tmp"
Mon 22 Jan 2007        25,600 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CV + LETTRE MOTIVATION\~WRL0001.tmp"
Sat 14 Apr 2007        25,600 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ABI OFFICIELLE\PUBLISHER\Affiche informative. Publisher\~WRL3540.tmp"
Mon 22 Jan 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL0621.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1274.tmp"
Mon 22 Jan 2007        21,504 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1572.tmp"
Mon 22 Jan 2007        20,480 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL2287.tmp"
Mon 22 Jan 2007        23,040 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3444.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3618.tmp"

Finished!


De plus, mon pare-feu se desactive tout seul, je le remets sans cesse. mais le pare feu qu'il m'indique je l'ai désinstallé (mal je pense) il y a un moment...

Help me please :)

Tiller · Answer

J'ai la fleme de tout lire ;o
Mais si en gros t'as le virus "C'est toi?!" suit ce guide: 
http://www.infos-du-net.com/forum/276536-11-virus#t275328

Helpmei34 · Answer

Merci à toi, je vais le faire ! :)

Helpmei34 · Answer

Voila mon MSNFix :

MSNFix 1.639-2  
 
C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix 
Fix exécuté le 22/01/2008 - 22:15:01,82 By dior 
mode normal    
    
************************ Recherche les fichiers présents      
    
... C:\Documents and Settings\dior\??????.exe 
 
************************ Recherche les dossiers présents       
 
... C:\Temp\ 
 
 
 
 
************************ Suppression des fichiers       
    
.. OK ... C:\Documents and Settings\dior\??????.exe  
 
 
************************ Suppression des dossiers       
 
.. OK ... C:\Temp\   
 
 
************************ Nettoyage du registre 
 
 
 
************************ Fichiers suspects 
 
/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention 
 
[C:\bhij.exe] E35BBFB29114DC915FB8FAF710EB8770 
[C:\cvbkwtb.exe] DBA6ED92B588B923D26BE7250BC18020 
[C:\hkdjqaxv.exe] D3E6A206A898625AEBB634575041370A 
[C:\upaq.exe] 68D9A79AA5906E4AF60AA2DBE0840DAE 

 
  
Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 22012008_22184426.zip
 
 
------------------------------------------------------------------------  
Auteur : !aur3n7                     Contact: https://www.ionos.fr/     
------------------------------------------------------------------------   
 
---------------------------------------------   END   ---------------------------------------------

Helpmei34 · Answer

Suis-je toujours infectée ?... :(

Helpmei34 · Answer

Répondez moi SVP...

Tiller · Answer

Pas la moindre idée ^_^

g!rly · Answer

salut Helpmei34,

fais ceci :

1
Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

et

2
Télécharge HijackThis ici : 

-> http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

Post le rapport généré ici stp...

post les deux rapports obtenus

note : fais les dans cette ordre (combofix en premier) mais post le rapport de hijack this en premier sur le forum suivie de celui de combofix (plus facil pour la lecture et la futur reponse)

@+

Helpmei34 · Answer

Merci beaucoup ! Je suis entraine de les faire ... :)

g!rly · Answer

ok

Helpmei34 · Answer

Je n'arrive pas à voir le compte rendu... Je ne le trouve pas dans le C....

g!rly · Answer

la il n´y est pas?

C:\Combofix.txt

fais le hijack this sinon

@+

Helpmei34 · Answer

En faisant la recherche sur l'ordi, rien n'a été trouvé..

g!rly · Answer

up 11

Helpmei34 · Answer

Oui j'ai tapé C:\Combofix.txt  et il est introuvable.. Je vais faire le Hitjackthis

Helpmei34 · Answer

Up11 ?!

g!rly · Answer

oui post le rapport de hijack this

Helpmei34 · Answer

Je fais un simple scan ?

Helpmei34 · Answer

Le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:22, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\bhij.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel32_sysdamper] C:\WINDOWS\system32\drivers\sysdamp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

g!rly · Answer

ok, 

ben c´est pas la joie...

peux tu essayer de faire ceci :

Click sur demarrer > executer > dans la boite de dialogue tape ceci :

Combofix /u

note qu´il y a un espace entre le x et /u

et reprends combofix et essaie d´avoir son rapport

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+

Helpmei34 · Answer

Houla tu me fais peur... C'est grave ?

g!rly · Answer

bah, y a pas mal de choses a supprimer, sans combofix, on va se prendre la tete entre les genoux...

Helpmei34 · Answer

Tu me fais peur... C'est grave ?

Helpmei34 · Answer

Combofix me dit que le rapport est en cours puis la fenêtre disparaît et plus rien...

Helpmei34 · Answer

G!rly ?

g!rly · Answer

;-(

repost un hijack this stp pour que je l´ai  la sous les yeux, puis je te donnerais la marche a suivre...

@+

Helpmei34 · Answer

Oki Merci !

Helpmei34 · Answer

Hé voila :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:03, on 2008-01-23
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\bhij.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel32_sysdamper] C:\WINDOWS\system32\drivers\sysdamp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Helpmei34 · Answer

Que dois-je faire ?

Helpmei34 · Answer

SVP ! A l'aide !!

g!rly · Answer

salut helpmei34,

excuse j´ai du m´absenter hier soir...

Peux tu me dire à quoi tu vois que je suis infectée ? Toutes les infos là ne sont que des virus ? Quel types de virus j'ai ? stp 

il y a des fichiers qui ne devraient pas etre la, et non ce ne sont pas tous des virus, les fichiers infectés sont des trojants, et autres...

ce que l´on va faire, car j´ai besoin de passer par le registre pour te desinfecter c´est faire un autre rapport a l´aide de ceci :

Télécharge ComboScan sur ton Bureau en bas de cette pae en clickant sur download file

-> http://www.geekstogo.com/forum/files/

Ferme toutes les applications en cours : antivirus, pare-feu, etc ..
Double-clic sur comboscan.exe, dans la fenêtre qui s'affiche, clic sur OK.
Soit patient...
Le rapport Comboscan.txt s'affichera, copie et colle le contenu de ce fichier ici.

et ceci : (celui ci est tres long mais t´inkiete pas...)

 * Télécharge SREng (de Smallfrogs) : http://www.kztechs.com/eng/download.html
* Dézippe tout son contenu sur ton bureau (clic droit >Extraire ici).
* Ouvre le dossier SReng2 et double-clique sur SREng.exe.
* Clique sur "smart scan".
* Clique sur le bouton "scan".
* Quand l'analyse est terminée, clique sur le bouton "save reports".
* Sauvegarde alors le rapport sur ton bureau.
* Copie/colle le contenu du rapport SREnglLOG.log dans ta prochaine réponse.

Le rapport peut-être long et en deux morceaux vérifie qu'il soit en entier.

@+

Helpmei34 · Answer

Merci beaucoup de m'aider !!!! Je fais cela ce soir car là j'ai pas le temps grrr

Bonne journée :)

g!rly · Answer

ok,

bonne journée egalement ;-)

@+

Helpmei34 · Answer

Rapport Comboscan extra :

Deckard's System Scanner v20071014.68
Extra logfile - please post this as an attachment with your post.
--------------------------------------------------------------------------------

-- System Information ----------------------------------------------------------

Microsoft Windows XP Édition familiale (build 2600) SP 2.0
Architecture: X86; Language: French

CPU 0: AMD Sempron(tm) Processor 3000+
Percentage of Memory in Use: 47%
Physical Memory (total/avail): 958.48 MiB / 505.1 MiB
Pagefile Memory (total/avail): 2313.73 MiB / 1413.23 MiB
Virtual Memory (total/avail): 2047.88 MiB / 1932.76 MiB

C: is Fixed (NTFS) - 143.04 GiB total, 90.52 GiB free. 
D: is Fixed (FAT32) - 5.99 GiB total, 1.72 GiB free. 
E: is CDROM (No Media)
G: is Removable (No Media)
H: is Removable (No Media)
I: is Removable (No Media)
J: is Removable (No Media)

\.\PHYSICALDRIVE0 - ST3160021A - 149.05 GiB - 2 partitions
  \PARTITION0 - Unknown - 6 GiB - D:
  \PARTITION1 (bootable) - Système de fichiers installable - 143.04 GiB - C:

\.\PHYSICALDRIVE2 - Generic USB CF Reader USB Device

\.\PHYSICALDRIVE4 - Generic USB MS Reader USB Device

\.\PHYSICALDRIVE1 - Generic USB SD Reader USB Device

\.\PHYSICALDRIVE3 - Generic USB SM Reader USB Device



-- Security Center -------------------------------------------------------------

AUOptions is scheduled to auto-install.
Windows Internal Firewall is disabled.

FirstRunDisabled is set.

FW: Sunbelt Personal Firewall v4.5.916 T (Sunbelt) [COLOR=RED]Disabled[/COLOR]
AV: avast! antivirus 4.7.1098 [VPS 080123-2] v4.7.1098 (ALWIL Software) [COLOR=RED]Disabled[/COLOR]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


-- Environment Variables -------------------------------------------------------

ALLUSERSPROFILE=C:\Documents and Settings\All Users
APPDATA=C:\Documents and Settings\dior\Application Data
CommonProgramFiles=C:\Program Files\Fichiers communs
COMPUTERNAME=NOM-EB85C523610
ComSpec=C:\WINDOWS\system32\cmd.exe
FP_NO_HOST_CHECK=NO
HOMEDRIVE=C:
HOMEPATH=\Documents and Settings\dior
LOGONSERVER=\NOM-EB85C523610
NUMBER_OF_PROCESSORS=1
OS=Windows_NT
Path=C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\system32\wbem;c:\Python22;C:\Program Files\ATI Technologies\ATI Control Panel;C:\Program Files\Fichiers communs\GTK\2.0\bin;;C:\PROGRA~1\FICHIE~1\MUVEET~1\030625
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_LEVEL=15
PROCESSOR_REVISION=2f02
ProgramFiles=C:\Program Files
PROMPT=$P$G
SESSIONNAME=Console
SonicCentral=c:\Program Files\Fichiers communs\Sonic Shared\Sonic Central\
SystemDrive=C:
SystemRoot=C:\WINDOWS
TEMP=C:\DOCUME~1\dior\LOCALS~1\Temp
TMP=C:\DOCUME~1\dior\LOCALS~1\Temp
USERDOMAIN=NOM-EB85C523610
USERNAME=dior
USERPROFILE=C:\Documents and Settings\dior
windir=C:\WINDOWS


-- User Profiles ---------------------------------------------------------------

HP_Propriétaire [I](admin)[/I]
dior [I](admin)[/I]
marionette [I](admin)[/I]


-- Add/Remove Programs ---------------------------------------------------------

 --> C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
 --> C:\WINDOWS\IsUn040c.exe -fC:\WINDOWS\orun32.isu
 --> c:\WINDOWS\system32\MSIEXEC.EXE /x {075473F5-846A-448B-BCB3-104AA1760205}
 --> c:\WINDOWS\system32\MSIEXEC.EXE /x {AB708C9B-97C8-4AC9-899B-DBF226AC9382}
 --> c:\WINDOWS\system32\MSIEXEC.EXE /x {B12665F4-4E93-4AB4-B7FC-37053B524629}
 --> rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware 2007 --> MsiExec.exe /I{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}
Adobe Flash Player 9 ActiveX --> C:\WINDOWS\system32\Macromed\Flash\FlashUtil9b.exe -uninstallDelete
Adobe Reader 8.1.0 - Français --> MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81000000003}
Adobe Shockwave Player --> C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log
Amélioration de nos services --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{23012310-3E05-46A5-88A9-C6CBCABCAC79} /l1036 
Archiveur WinRAR --> C:\Program Files\WinRAR\uninstall.exe
Ares 2.0.9 --> "C:\Program Files\Ares\uninstall.exe"
Assistant de connexion Windows Live --> MsiExec.exe /I{AFA4E5FD-ED70-4D92-99D0-162FD56DC986}
ATI Display Driver --> rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean
µTorrent --> "C:\Program Files\uTorrent\uTorrent.exe" /UNINSTALL
avast! Antivirus --> rundll32 C:\PROGRA~1\ALWILS~1\Avast4\Setup\setiface.dll,RunSetup
AVI ReComp 1.2.3 --> C:\Documents and Settings\marionette\Mes documents\LOGICIEL\AVI ReComp\uninst.exe
AviSynth 2.5 --> "C:\Program Files\AviSynth 2.5\Uninstall.exe"
Compel Adaptec WinASPI --> "C:\Program Files\WinASPI\unins000.exe"
Connexion Facile à Internet --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{8105684D-8CA6-440D-8F58-7E5FD67A499D} /l1036 
Correctif pour Lecteur Windows Media 11 (KB939683) --> "C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Correctif pour Windows XP (KB914440) --> "C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe"
Correctif Windows XP - KB873339 --> C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Correctif Windows XP - KB883667 --> C:\WINDOWS\$NtUninstallKB883667$\spuninst\spuninst.exe
Correctif Windows XP - KB885250 --> C:\WINDOWS\$NtUninstallKB885250$\spuninst\spuninst.exe
Correctif Windows XP - KB885835 --> C:\WINDOWS\$NtUninstallKB885835$\spuninst\spuninst.exe
Correctif Windows XP - KB885836 --> C:\WINDOWS\$NtUninstallKB885836$\spuninst\spuninst.exe
Correctif Windows XP - KB885884 --> C:\WINDOWS\$NtUninstallKB885884$\spuninst\spuninst.exe
Correctif Windows XP - KB886185 --> C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Correctif Windows XP - KB887472 --> C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Correctif Windows XP - KB887742 --> C:\WINDOWS\$NtUninstallKB887742$\spuninst\spuninst.exe
Correctif Windows XP - KB888113 --> C:\WINDOWS\$NtUninstallKB888113$\spuninst\spuninst.exe
Correctif Windows XP - KB888239 --> C:\WINDOWS\$NtUninstallKB888239$\spuninst\spuninst.exe
Correctif Windows XP - KB888302 --> C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Correctif Windows XP - KB890175 --> C:\WINDOWS\$NtUninstallKB890175$\spuninst\spuninst.exe
Correctif Windows XP - KB890859 --> "C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe"
Correctif Windows XP - KB891781 --> C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
Correctif Windows XP - KB892050 --> "C:\WINDOWS\$NtUninstallKB892050$\spuninst\spuninst.exe"
Correctif Windows XP - KB893066 --> "C:\WINDOWS\$NtUninstallKB893066$\spuninst\spuninst.exe"
Ethnos 4 - Version d'évaluation --> C:\WINDOWS\ISUN040C.EXE -f"C:\Program Files\Ethnos4 Demo\Uninst.isu" -c"C:\Program Files\Ethnos4 Demo\Uninst.dll"
Galerie de photos Windows Live --> MsiExec.exe /X{9D442283-88AD-4F49-8568-18CE6EAA15AF}
GTK+ 2.10.13 runtime environment --> "C:\Program Files\Fichiers communs\GTK\2.0\setup\unins000.exe"
High Definition Audio - KB888111 --> "C:\WINDOWS\$NtUninstallKB888111WXPSP2$\spuninst\spuninst.exe"
HijackThis 2.0.2 --> "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Media Format 11 SDK (KB929399) --> "C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
HP Appareils photos Photosmart 5.0 --> C:\Program Files\HP\Digital Imaging\{C83A12B9-B31B-461A-BBD4-CE9B988094F1}\setup\hpzscr01.exe -datfile hpiscr01.dat
HP Deskjet Printer Preload --> MsiExec.exe /I{2C5D07FB-31A2-4F2D-9FDA-0B24ACD42BD0}
HP Document Viewer 5.3 --> C:\Program Files\HP\Digital Imaging\DocumentViewer\hpzscr01.exe -datfile hpqbud04.dat
HP Extended Capabilities 5.3 --> C:\Program Files\HP\Digital Imaging\ExtCapUninstall\hpzscr01.exe -datfile hpqhsc01.dat
HP Image Zone 5.3 --> C:\Program Files\HP\Digital Imaging\uninstall\hpzscr01.exe -datfile hpqscr01.dat
HP Image Zone Express --> MsiExec.exe /X{FE64AE29-0883-4C70-8388-DC026019C900}
HP Imaging Device Functions 5.3 --> C:\Program Files\HP\Digital Imaging\DigitalImagingMonitor\hpzscr01.exe -datfile hpqbud01.dat
HP Multimedia Keyboard Software --> C:\HP\KBD\Install.exe /remove
HP Photosmart 330,380,420,470,7800,8000,8200 Series --> C:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\setup\hpzscr01.exe -d MsiRollbackUninstaller -datfile hphscr08.dat
HP PSC & OfficeJet 5.3.A --> "C:\Program Files\HP\Digital Imaging\{3E386744-10FA-44b2-98C9-DF7A270DECB3}\setup\hpzscr01.exe" -datfile hposcr06.dat
HP PSC & OfficeJet 5.3.B --> "C:\Program Files\HP\Digital Imaging\{5B79CFD1-6845-4158-9D7D-6BE89DF2C135}\setup\hpzscr01.exe" -datfile hposcr07.dat
HP Software Update --> MsiExec.exe /X{ECFDD6BD-E0C0-41CC-A171-E6D6AF4C0E93}
HP Solution Center & Imaging Support Tools 5.3 --> C:\Program Files\HP\Digital Imaging\eSupport\hpzscr01.exe -datfile hpqbud05.dat
Ink --> MsiExec.exe /I{9FCB2876-554D-491D-A2CD-58F8252D6C64}
InterVideo WinDVD Player --> "C:\Program Files\InstallShield Installation Information\{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}\setup.exe" REMOVEALL
J2SE Runtime Environment 5.0 Update 5 --> MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150050}
L&H TTS3000 Français --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall
livebox --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{17342E3B-0818-4A6F-BFF8-99476605ADD6}\Setup.exe" -l0x40c 
Logiciel QuickCam de Logitech --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{C43048A9-742C-4DAD-90D2-E3B53C9DB825}\setup.exe" -l0x40c 
Logitech Print Service --> C:\PROGRA~1\Logitech\PRINTS~1\UNWISE.EXE C:\PROGRA~1\Logitech\PRINTS~1\INSTALL.LOG
Microsoft Compression Client Pack 1.0 for Windows XP --> "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft FrontPage Express --> RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\fpxpress.inf, Uninstall
Microsoft Office Professional Edition 2003 --> MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}
Microsoft SQL Server 2005 Compact Edition [ENU] --> MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft User-Mode Driver Framework Feature Pack 1.0 --> "C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Works --> MsiExec.exe /I{A059DE09-1B49-4450-B340-7AE097EC3F04}
Mise à jour de sécurité pour Lecteur Windows Media (KB911564) --> "C:\WINDOWS\$NtUninstallKB911564$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) --> "C:\WINDOWS\$NtUninstallKB917734_WMP10$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782) --> "C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398) --> "C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB898458) --> "C:\WINDOWS\$NtUninstallKB898458$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Step by Step Interactive Training (KB923723) --> "C:\WINDOWS\$NtUninstallKB923723$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB890046) --> "C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB893756) --> "C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896358) --> "C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896422) --> "C:\WINDOWS\$NtUninstallKB896422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896423) --> "C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896424) --> "C:\WINDOWS\$NtUninstallKB896424$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896428) --> "C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB896688) --> "C:\WINDOWS\$NtUninstallKB896688$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899587) --> "C:\WINDOWS\$NtUninstallKB899587$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB899591) --> "C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB900725) --> "C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901017) --> "C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB901214) --> "C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB902400) --> "C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB904706) --> "C:\WINDOWS\$NtUninstallKB904706$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905414) --> "C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB905749) --> "C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB908519) --> "C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911562) --> "C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911567) --> "C:\WINDOWS\$NtUninstallKB911567$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB911927) --> "C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB912919) --> "C:\WINDOWS\$NtUninstallKB912919$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB913580) --> "C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914388) --> "C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB914389) --> "C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB916281) --> "C:\WINDOWS\$NtUninstallKB916281$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917159) --> "C:\WINDOWS\$NtUninstallKB917159$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917344) --> "C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917422) --> "C:\WINDOWS\$NtUninstallKB917422$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB917953) --> "C:\WINDOWS\$NtUninstallKB917953$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918118) --> "C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918439) --> "C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB918899) --> "C:\WINDOWS\$NtUninstallKB918899$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB919007) --> "C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920213) --> "C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920214) --> "C:\WINDOWS\$NtUninstallKB920214$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920670) --> "C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920683) --> "C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB920685) --> "C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921398) --> "C:\WINDOWS\$NtUninstallKB921398$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921503) --> "C:\WINDOWS\$NtUninstallKB921503$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB921883) --> "C:\WINDOWS\$NtUninstallKB921883$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922616) --> "C:\WINDOWS\$NtUninstallKB922616$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922760) --> "C:\WINDOWS\$NtUninstallKB922760$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB922819) --> "C:\WINDOWS\$NtUninstallKB922819$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923191) --> "C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923414) --> "C:\WINDOWS\$NtUninstallKB923414$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923694) --> "C:\WINDOWS\$NtUninstallKB923694$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB923980) --> "C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924191) --> "C:\WINDOWS\$NtUninstallKB924191$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924270) --> "C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924496) --> "C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB924667) --> "C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925486) --> "C:\WINDOWS\$NtUninstallKB925486$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB925902) --> "C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926255) --> "C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB926436) --> "C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927779) --> "C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB927802) --> "C:\WINDOWS\$NtUninstallKB927802$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928255) --> "C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB928843) --> "C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB929123) --> "C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB930178) --> "C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931261) --> "C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB931784) --> "C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB932168) --> "C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB933729) --> "C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935839) --> "C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB935840) --> "C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB936021) --> "C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB938829) --> "C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941202) --> "C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941568) --> "C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941569) --> "C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB941644) --> "C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943460) --> "C:\WINDOWS\$NtUninstallKB943460$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB943485) --> "C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe"
Mise à jour de sécurité pour Windows XP (KB944653) --> "C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB898461) --> "C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB900485) --> "C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB904942) --> "C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB908531) --> "C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB910437) --> "C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB911280) --> "C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB916595) --> "C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB920872) --> "C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB922582) --> "C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB927891) --> "C:\WINDOWS\$NtUninstallKB927891$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB929338) --> "C:\WINDOWS\$NtUninstallKB929338$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB930916) --> "C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB931836) --> "C:\WINDOWS\$NtUninstallKB931836$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB933360) --> "C:\WINDOWS\$NtUninstallKB933360$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB938828) --> "C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe"
Mise à jour pour Windows XP (KB942763) --> "C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"
Module de compatibilité pour Microsoft Office System 2007 --> MsiExec.exe /X{90120000-0020-040C-0000-0000000FF1CE}
Mozilla Firefox (2.0.0.11) --> C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Panneau de contrôle ATI --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0BEDBD4E-2D34-47B5-9973-57E62B29307C}\setup.exe" 
PC-Doctor 5 for Windows --> C:\Program Files\PC-Doctor 5 for Windows\uninst.exe
Pop-Up Stopper Free Edition --> C:\PROGRA~1\PANICW~1\POP-UP~1\UNWISE.EXE C:\PROGRA~1\PANICW~1\POP-UP~1\INSTALL.LOG
Programme de gestion Camera de Logitech® --> "C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT
PS2 --> C:\WINDOWS\system32\ps2.exe uninstall
Python 2.2 pywin32 extensions (build 203) --> "C:\Python22\Removepywin32.exe" -u "C:\Python22\pywin32-wininst.log"
Python 2.2.3 --> C:\Python22\UNWISE.EXE C:\Python22\INSTALL.LOG
RealPlayer --> C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0
SAGEM Wi-Fi 11g USB adapter (Driver) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E2AA331E-E10E-438C-B1C0-24B2FFD3D9C4}\setup.exe" -l0x40c 
SAGEM Wi-Fi 11g USB adapter (Tool) --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6266AB37-350F-483C-88D2-C530ACA42645}\Setup.exe" -l0x40c 
Security Update for CAPICOM (KB931906) --> MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Security Update for CAPICOM (KB931906) --> MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}
Services Internet --> C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{5CFD7508-7774-48FE-8280-7A3C0AE71755} /l1036 
Sonic Express Labeler --> MsiExec.exe /I{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}
Sonic MyDVD Plus --> MsiExec.exe /I{21657574-BD54-48A2-9450-EB03B2C7FC29}
Sonic RecordNow Audio --> MsiExec.exe /I{AB708C9B-97C8-4AC9-899B-DBF226AC9382}
Sonic RecordNow Copy --> MsiExec.exe /I{B12665F4-4E93-4AB4-B7FC-37053B524629}
Sonic RecordNow Data --> MsiExec.exe /I{075473F5-846A-448B-BCB3-104AA1760205}
Sonic Update Manager --> MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}
Spybot - Search & Destroy 1.4 --> "C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Sunbelt Personal Firewall --> MsiExec.exe /X{BFD080F6-3BF0-40E1-9507-9CA969C35870}
The Best Offers --> C:\PROGRA~1\TBONBin	bon.exe /v
The GIMP 2.2.17 --> "C:\Program Files\GIMP-2.0\unins000.exe"
Ulead GIF Animator 5 Evaluation --> RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8AF3E926-ED59-11D4-A44B-0000E86D2305}\Setup.exe" 
VideoLAN VLC media player 0.8.6c --> C:\Program Files\VideoLAN\VLC\uninstall.exe
Wanadoo Messager --> C:\PROGRA~1\WANADO~1\UNWISE.EXE C:\PROGRA~1\WANADO~1\INSTALL.LOG
Weather Services --> C:\WINDOWS\system32\control.exe C:\PROGRA~1\THEWEA~1\Framework\wxfw.cpl,4
Windows Desktop Search 3.01 --> "C:\WINDOWS\$NtUninstallKB917013$\spuninst\spuninst.exe"
Windows Imaging Component --> "C:\WINDOWS\$NtUninstallWIC$\spuninst\spuninst.exe"
Windows Live installer --> MsiExec.exe /X{FD44E544-E7D0-4DBA-9FA0-8AE1A1300390}
Windows Live Mail --> MsiExec.exe /I{C514C594-23AA-4F13-A070-DB8BDB27594F}
Windows Live Messenger --> MsiExec.exe /X{BADF6744-3787-48F6-B8C9-4C4995401D65}
Windows Live Safety Scanner --> RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT
Windows Live Writer --> MsiExec.exe /X{3DFF4274-EBB0-4356-9692-972965018954}
Windows Media Format 11 runtime --> "C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Xvid 1.1.2 final uninstall --> "C:\Program Files\Xvid\unins000.exe"


-- Application Event Log -------------------------------------------------------

Event Record #/Type8572 / Success
Event Submitted/Written: 01/24/2008 09:48:10 AM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8503 / Success
Event Submitted/Written: 01/23/2008 08:38:17 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8395 / Success
Event Submitted/Written: 01/23/2008 00:20:30 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8372 / Success
Event Submitted/Written: 01/22/2008 09:34:34 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.

Event Record #/Type8337 / Success
Event Submitted/Written: 01/22/2008 06:54:43 PM
Event ID/Source: 12001 / usnjsvc
Event Description:
The Messenger Sharing USN Journal Reader service started successfully.



-- Security Event Log ----------------------------------------------------------

No Errors/Warnings found.


-- System Event Log ------------------------------------------------------------

Event Record #/Type437 / Warning
Event Submitted/Written: 01/24/2008 04:00:21 PM
Event ID/Source: 1003 / Dhcp
Event Description:
Votre ordinateur n'a pas pu renouveler son adresse à partir du réseau (à partir
du serveur DHCP) pour la carte réseau dont l'adresse réseau est 0060B3EFD165. Il s'est
produit l'erreur suivante : 
%%1223.
Votre ordinateur va continuer à essayer d'obtenir sa propre adresse auprès du
serveur d'adresse réseau (DHCP).

Event Record #/Type429 / Warning
Event Submitted/Written: 01/24/2008 03:59:53 PM
Event ID/Source: 18 / BTHUSB
Event Description:
Windows ne peut pas enregistrer les clés de liaison Bluetooth sur le transmetteur local car il ne peut pas déterminer si la sécurité appropriée est activée pour le périphérique.

Event Record #/Type428 / Warning
Event Submitted/Written: 01/24/2008 01:05:49 PM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

Event Record #/Type427 / Warning
Event Submitted/Written: 01/24/2008 11:16:35 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.

Event Record #/Type426 / Warning
Event Submitted/Written: 01/24/2008 10:16:33 AM
Event ID/Source: 4226 / Tcpip
Event Description:
TCP/IP a atteint la limite de sécurité imposée sur le nombre de tentatives de connexion TCP simultanées.



-- End of Deckard's System Scanner: finished at 2008-01-24 16:10:42 ------------



Rapport ComboScan Main :

Deckard's System Scanner v20071014.68
Run by dior on 2008-01-24 16:07:49
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- System Restore --------------------------------------------------------------

Successfully created a Deckard's System Scanner Restore Point.


-- Last 2 Restore Point(s) --
2: 2008-01-24 15:07:56 UTC - RP438 - Deckard's System Scanner Restore Point
1: 2008-01-23 18:33:21 UTC - RP437 - Point de vérification système


Backed up registry hives.
Performed disk cleanup.



-- HijackThis (run as dior.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:09, on 2008-01-24
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32undll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\drivers\alg.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\bhij.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\dior\Bureau\dss.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dior.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel32_sysdamper] C:\WINDOWS\system32\drivers\sysdamp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [WintelUpdate] C:\bhij.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

Helpmei34 · Answer

Et voici l'autre logiciel soit SReng : [CODE] 2008-01-24,21:07:24 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [N/A] <"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"> [Panicware, Inc.] <"C:\Program Files\Ares\Ares.exe" -h> [Ares Development Group] [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [Sun Microsystems, Inc.] [Hewlett-Packard Company] <"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Hewlett-Packard] [Hewlett-Packard Company] [] <> [N/A] [(Verified)Microsoft Windows Hardware Compatibility Publisher] [Hewlett-Packard Co.] [Logitech Inc.] [Logitech Inc.] [Logitech Inc.] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [RealNetworks, Inc.] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] <"C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"> [N/A] [(Verified)ALWIL Software] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [N/A] [] [] [] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Component Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{56F9679E-7826-4C84-81F3-532071A8BCC5}> [(Verified)Microsoft Windows] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] [N/A] ================================== Startup Folders [HP Digital Imaging Monitor] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]> [Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter] C:\PROGRA~1\SAGEMW~1.11G\WLANUTL.exe [ ]> [Windows Desktop Search] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [Microsoft Corporation]> [Pin] C:\hp\bin\cloaker.exe [Hewlett-Packard Co.]> ================================== Services [Ad-Aware 2007 Service / aawservice][Running/Auto Start] <"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"> [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [Ares Chatroom server / AresChatServer][Stopped/Manual Start] [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start] [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [FFI / FFI][Stopped/Auto Start] [France Telecom Routing Table Service / FTRTSVC][Running/Auto Start] <"C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Boot Start] <\SystemRoot\C:\WINDOWS\system32\HPZipm12.exe> [Sunbelt Personal Firewall 4 / SPF4][Running/Auto Start] <"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"> [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"> ================================== Drivers [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [Pilote de processeur AMD / AmdK8][Running/System Start] [ati2mtag / ati2mtag][Running/Manual Start] [catchme / catchme][Stopped/Manual Start] <\??\C:\DOCUME~1\dior\LOCALS~1\Temp\catchme.sys> [Firewall Driver / fwdrv][Running/System Start] <\SystemRoot\system32\drivers\fwdrv.sys> [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] [Pilote de processeur Intel / intelppm][Stopped/System Start] [Kerio HIPS Driver / khips][Running/System Start] <\SystemRoot\system32\drivers\khips.sys> [LT Modem Driver / ltmodem5][Stopped/Manual Start] [Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start] [PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\PCAMPR5.SYS> [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\PCANDIS5.SYS> [Volume Adapter / pepifilter][Running/Manual Start] [QuickCam IM(PID_08A0) / PID_08A0][Running/Manual Start] [Ps2 / Ps2][Running/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start] [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [SAGEM 802.11g XG760 1211 Driver / SG760_XP][Running/Manual Start] [Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start] [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> [Codec Teletext standard / WSTCODEC][Stopped/Manual Start] [ZDCndis5 Protocol Driver / ZDCndis5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\ZDCndis5.SYS> [ZDPNDIS5 NDIS Protocol Driver / ZDPNDIS5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\ZDPNDIS5.SYS> ================================== Browser Add-ons [] {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} [Java Plug-in 1.5.0_05] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [BlogThisToolbarButton Class] {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Aide à la connexion] {E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A> [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [Java Plug-in 1.5.0_05] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.5.0_05] {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Microsoft Office Template and Media Control] {02BCC737-B171-4746-94C9-0D8A0B2C0089} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} [XSL Template] {2933BF94-7B36-11D2-B20E-00C04F983E60} [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [Microsoft Office Control] {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [Windows Desktop Search Combo Control] {4E430174-1673-4FF3-BF28-A3B37F6573E7} [] {4F07F79F-087F-42CF-8B36-7A88D06088E9} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [] {53707962-6F74-2D53-2644-206D7942484F} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [Windows Media Services DRM Storage object] {760C4B83-E211-11D2-BF3E-00805FBE84A6} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Java Plug-in 1.5.0_05] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Programme d'aide de l'Assistant de connexion Windows Live] {9030D464-4C02-4ABF-8ECC-5164760863C6} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [] {B69003B3-C55E-4B48-836C-BC5946FC3B28} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [Helper Class] {BF0118D4-63FF-4138-9327-F3028FB1A578} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Contrôle de l'Assistant de connexion Windows Live] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [NameCtrl Class] {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} [] {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [Runclose Control] {F31D1897-7EFD-4647-8687-E05894E382AB} [JScript Language] {F414C260-6AC0-11CF-B6D1-00AA00BBBB58} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [Free Threaded XML DOM Document] {F6D90F12-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [] {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} [IERPCtl Class] {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} [E&xporter vers Microsoft Excel] ================================== Running Processes [PID: 776 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 868 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 896 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4119] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 940 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [PID: 952 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1100 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [PID: 1112 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1224 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1268 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 1376 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [PID: 1428 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1532 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 1824 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe] [Lavasoft, 7,0,2,6] [C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll] [Lavasoft, 7,0,2,6] [C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive85u.dll] [PKWARE, Inc., 8.4.1045.0] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll] [, 7, 0, 2, 6] [PID: 1840 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1892 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 320 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.001] [C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011] [C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzlnt12.dll] [HP, 2.335.5.0] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2] [PID: 420 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 456 / SYSTEM][C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe] [France Telecom SA, 12.1.42.48 ] [C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\IfHelper.dll] [France Telecom SA, 12.1.42.48 ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 612 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 680 / SYSTEM][C:\WINDOWS\system32\SearchIndexer.exe] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\TQUERY.DLL] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\PROPSYS.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\msstrc.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\mssrch.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\propdefs.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\XmlLite.dll] [Microsoft Corporation, 1.00.1018.0] [C:\WINDOWS\system32\fr-fr Query.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\msscb.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\mssprxy.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [PID: 544 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3760 / dior][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [PID: 3976 / dior][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Windows Desktop Search\deskbar.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\fr-fr\dbres.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\dbres.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\wordwheel.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [C:\Program Files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\msnlExtRes.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\WINDOWS\system32\mpg2splt.ax] [, ] [C:\WINDOWS\system32\Samsung PC Studio Codecs\Mpeg4DSF.dll] [, 0.0.0.0] [C:\WINDOWS\system32\Samsung PC Studio Codecs\Pal.dll] [InterObject Ltd., 0, 0, 22, 0] [C:\WINDOWS\system32\Samsung PC Studio Codecs\Mpeg4System.dll] [N/A, ] [C:\WINDOWS\system32\Samsung PC Studio Codecs\Mpeg4Tools.dll] [N/A, ] [C:\WINDOWS\system32\MSCOREE.DLL] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\Program Files\HP\Digital Imaging\bin\LCodcCMP.dll] [LEAD Technologies, Inc., 1.0.0.021] [C:\WINDOWS\system32\lvcodec2.dll] [Logitech Inc., 8.4.6.1016] [C:\WINDOWS\system32\LameACM.acm] 0.9.1 [C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\WinRAR arext.dll] [N/A, ] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\WINDOWS\system32\iphttphl4.dll] [N/A, ] [PID: 2120 / dior][C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.50.5] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 2128 / dior][C:\windows\system\hpsysdrv.exe] [Hewlett-Packard Company, 1, 7, 0, 0] [PID: 2140 / dior][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5166] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5166] [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5166] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5166] [PID: 2212 / dior][C:\WINDOWS\ALCXMNTR.EXE] [Realtek Semiconductor Corp., 1.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 2264 / dior][C:\HP\KBD\KBD.EXE] [Hewlett-Packard Company, 1.0.2.2.20205] [C:\HP\KBD\led.dll] [Hewlett-Packard Company, 1.0.2.0] [C:\HP\KBD\USB.dll] [Hewlett-Packard Company, 1.0.2.2.071205] [C:\HP\KBD\ps2.dll] [Hewlett-Packard Company, 1.0.2.2.112404] [C:\HP\KBD\msg.dll] [Hewlett-Packard Company, 1.0.2.2.112404] [C:\HP\KBD\osd.dll] [Hewlett-Packard Company, 1.0.2.2.071105] [C:\HP\KBD\sct.dll] [Hewlett-Packard Company, 1.0.2.2.32205] [C:\HP\KBD\onl.dll] [Hewlett-Packard Company, 1.0.2.2.052705] [C:\HP\KBD\aol.dll] [Hewlett-Packard Company, 1.0.2.2.071105] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\HP\KBD\url.dll] [Hewlett-Packard Company, 1.0.2.2.071105] [C:\HP\KBD\cfg.dll] [Hewlett-Packard Company, 1.0.2.1] [C:\HP\KBD\MSIKBDIF.DLL] [Hewlett-Packard Company, 1.0.2.0] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008] [PID: 2664 / dior][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000] [PID: 2764 / dior][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [PID: 2772 / dior][C:\Program Files\Logitech\Video\LogiTray.exe] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\QCUI2.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\LTWVC12n.dll] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Logitech\Video\LTFIL12n.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTKRN12n.dll] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Logitech\Video\LQCUI2.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\LLogTray.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\LTDIS12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTIMG12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTEFX12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFFAX12N.DLL] [LEAD Technologies, Inc., 12.1.0.020] [C:\Program Files\Logitech\Video\LFCMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFTIF12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFBMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.6.1012] [PID: 2792 / dior][C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe] [RealNetworks, Inc., 0.1.0.3292] [PID: 2836 / dior][C:\WINDOWS\system32 undll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2920 / dior][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008] [PID: 3008 / dior][C:\WINDOWS\system32\drivers\alg.exe] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 3020 / dior][C:\Program Files\Logitech\Video\FxSvr2.exe] [Logitech Inc., 8.4.6.1012] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.6.1012] [PID: 3112 / dior][C:\WINDOWS\system32\drivers\smss.exe] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 3184 / dior][C:\WINDOWS\system32\drivers\csrss.exe] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 3200 / dior][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3368 / dior][C:\bhij.exe] [N/A, ] [PID: 520 / dior][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.214.000] [c:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.214.000] [c:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\Unload\hpiCamTA.dll] [Hewlett-Packard, 5.0.0.247] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [c:\Program Files\HP\Digital Imaging\Unload\HpqUnRes.dll] [, ] [c:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hphtra08.dll] [Hewlett-Packard, 8,1,0,12] [c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll] [, 5.0.0.247] [c:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [PID: 1588 / dior][C:\Program Files\Windows Desktop Search\WindowsSearch.exe] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\uncdms.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\mssprxy.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\oeph.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\mssph.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\TQUERY.DLL] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\PROPSYS.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\msstrc.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\fr-fr\WindowsSearchRes.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\WindowsSearchRes.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\WdsMktTools.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 3120 / dior][c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [c:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [c:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000] [PID: 5972 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018] [PID: 6468 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 6528 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 10012 / dior][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)] [C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGSC8~1.DLL] [Microsoft Corporation, 8.5.1302.1018] [PID: 8364 / SYSTEM][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe] [Sunbelt Software, 4.5.916.0] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\kfe.dll] [Sunbelt Software, 4.3.182.0] [C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\curllib.dll] [The cURL library, https://curl.se/ 7.15.2] [C:\Program Files\Sunbelt Software\Personal Firewall\kwsapi.dll] [Sunbelt Software, 4.3.182.0] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 2312 / SYSTEM][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe] [Sunbelt Software, 4.5.916.0] [C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 8448 / dior][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe] [Sunbelt Software, 4.5.916.0] [C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 9784 / dior][C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE] [Microsoft Corporation, 11.0.8169] [C:\Program Files\Fichiers communs\Microsoft Shared\office11\mso.dll] [Microsoft Corporation, 11.0.8172] [C:\Program Files\Fichiers communs\Microsoft Shared\office11 iched20.dll] [Microsoft Corporation, 5.50.99.2050] [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\METCONV.DLL] [Microsoft Corporation, 11.0.6467] [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\INTLNAME.DLL] [Microsoft Corporation, 11.0.8157] [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\FNAME.DLL] [Microsoft Corporation, 11.0.8164] [C:\PROGRA~1\FICHIE~1\MICROS~1\SMARTT~1\1036\stintl.dll] [Microsoft Corporation, 11.0.8161] [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\MSSP3FR.DLL] [Microsoft Corporation, 5.0.8150] [C:\Program Files\Microsoft Office\OFFICE11\intldate.dll] [Microsoft Corporation, 11.0.8161] [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\mslid.dll] [Microsoft Corporation, 1.0.2305] [C:\Program Files\Fichiers communs\Microsoft Shared\PROOF\1036\MSGR3FR.DLL] [Microsoft Corporation, 5.1.3019.1] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpzpm312.dll] [HP, 2.335.5.0] [C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\hpz2ku12.dll] [HP, 2.335.5.0] [PID: 10160 / dior][C:\Documents and Settings\dior\Bureau\SREngPS.EXE] [Smallfrogs Studio, 2.5.16.900] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Documents and Settings\dior\Bureau\Upload\3rdUpd.DLL] [Smallfrogs Studio, 2, 1, 0, 15] ================================== File Associations .TXT OK. [%SystemRoot%\system32\NOTEPAD.EXE %1] .EXE OK. ["%1" %*] .COM OK. ["%1" %*] .PIF OK. ["%1" %*] .REG OK. [regedit.exe "%1"] .BAT OK. ["%1" %*] .SCR OK. ["%1" /S] .CHM OK. ["C:\WINDOWS\hh.exe" %1] .HLP OK. [%SystemRoot%\System32\winhlp32.exe %1] .INI OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .INF OK. [%SystemRoot%\System32\NOTEPAD.EXE %1] .VBS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .JS OK. [%SystemRoot%\System32\WScript.exe "%1" %*] .LNK OK. [{00021401-0000-0000-C000-000000000046}] ================================== Winsock Provider N/A ================================== Autorun.Inf N/A ================================== HOSTS File 127.0.0.1 localhost ================================== Process Privileges Scan Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2120, C:\PROGRAM FILES\JAVA\JRE1.5.0_05\BIN\JUSCHED.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2128, C:\WINDOWS\SYSTEM\HPSYSDRV.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2140, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2264, C:\HP\KBD\KBD.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2664, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2764, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2772, C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE] Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2792, C:\PROGRAM FILES\FICHIERS COMMUNS\R

g!rly · Answer

re,

Telecharges Killbox sur ton bureau n´y touche pas pour le moment.
http://www.downloads.subratam.org/KillBox.exe

copie les instructions si dessous dans un fichier txt ou imprime les car tu va devoir redemarrer en mode sans echec et tu n´auras plus acces au net...

comment redemarrer en mode sans echec :

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(X)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sysmem32"=-
"Memory_chech"=-
"Clipboard_x"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WintelUpdate"=-

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
Note ; regedit 4 est sur la premiere ligne et il y a une ligne blanche a la fin
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"

puis

Double clique sur killbox.exe (Pocket Killbox)

 Copie les lignes ci dessous :

C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\bhij.exe

-> Sur PocketKillBox --> menu "File" --> "Paste from Clipboard"

Tu peux vérifier dans le menu déroulant que les fichiers sont bien présent.
- coche la case "Unregister dll before deleting" (si tu en as la possibilité)
- click sur le bouton "All files"
- click ensuite sur la croix rouge

Au deux messages qui vont s'afficher, tu réponds par "YES"
L'ordinateur doit redémarrer, sinon, fais le toi-même, quoiqu'il arrive.

Après redémarrage, relance Killbox puis clic sur l'onglet "fichier" -> Log -> Actions History Log
Poste le rapport ici 

Ps : si tu ne comprends pas quelque chose demande moi avant de le faire...

@+

Helpmei34 · Answer

Bonjour à toi !!

J'ai fais toutes les manip' que tu m'as demandé maos lorsque je redémarre l'ordi en mode normal, que je double cliques sur Killbox puis copie des lignes, files ... Seulement je ne peux pas cliquer sur le bouton "All files"... Mais quand je suis sur "Delecte on reboot" là je peux... ?

Helpmei34 · Answer

Avant le virus MSN:

Aussi, je ne sais pas si cela à de l'importance mais ma connexion internet se déconnecte toutes les 5 min et je suis sympa. Et quand elle n'arrive pas à se connecter ça me dit connectivité limitée ou inexistante alors que ma livebox est à 4/5 batons... Et mon ordi commencait à mettre un peu de temps avant de s'éteindre...

g!rly · Answer

salut helpmei,

oui je me suis moi meme posé la question quand j´ai ecrit la manip, mais comme je t´avais demandé de le faire en mode sans echec je me suis dis que delete on rebbot n´etait pas necessaire...

bon, 

on reprends alors :

Double clique sur killbox.exe (Pocket Killbox) et coche la case "Delete on reboot".

Copie les lignes ci dessous :

C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\bhij.exe

-> Sur PocketKillBox --> menu "File" --> "Paste from Clipboard"

Tu peux vérifier dans le menu déroulant que les fichiers sont bien présent.
- coche la case "Unregister dll before deleting" (si tu en as la possibilité)
- click sur le bouton "All files"
- click ensuite sur la croix rouge

Au deux messages qui vont s'afficher, tu réponds par "YES"
L'ordinateur doit redémarrer, sinon, fais le toi-même, quoiqu'il arrive.

Après redémarrage, relance Killbox puis clic sur l'onglet "fichier" -> Log -> Actions History Log
Poste le rapport ici 

@+

Helpmei34 · Answer

J'étais à 2 doigts de la faire mais j'ai préféré que tu me le confirmes car si je me trompais j'avais peur des conséquences... Je vais cela de ce pas :)

 Merci beaucoup en tout cas d'être là pour moi !!

g!rly · Answer

ok,
@+

Helpmei34 · Answer

Le voici :

Pocket Killbox version 2.0.0.648
Running on Windows XP as dior(Administrator)
was started @ vendredi, janvier 25, 2008, 4:48 PM
 
Killbox Closed(Exit) @ 4:52:59 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as dior(Administrator)
was started @ vendredi, janvier 25, 2008, 4:53 PM
 
Killbox Closed(Exit) @ 4:58:08 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as dior(Administrator)
was started @ vendredi, janvier 25, 2008, 5:32 PM
 
# 1 [Delete on Reboot]
Path = C:\WINDOWS\system32\drivers\alg.exe  C:\WINDOWS\system32\drivers\smss.exe  C:\WINDOWS\system32\drivers\csrss.exe C:\bhij.exe

 
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:34:43 PM
# 2 [Delete on Reboot]
Path = C:\WINDOWS\system32\drivers\alg.exe  C:\WINDOWS\system32\drivers\smss.exe  C:\WINDOWS\system32\drivers\csrss.exe C:\bhij.exe

 
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 5:35:21 PM
Killbox Closed(Exit) @ 5:35:23 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as dior(Administrator)
was started @ vendredi, janvier 25, 2008, 5:36 PM

g!rly · Answer

re,

je crois que c´est pas vraiment ca, tu as du t´emeller un peu les pinceaux avec killbox.

on va le faire avec celui la :

Télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt.exe (de Old_Timer) sur ton Bureau.

redemarre en mode sans echec et

double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :
    
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\bhij.exe 

Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.
http://img137.imageshack.us/img137/3558/refaitjk8.th.jpg

@+

Helpmei34 · Answer

C'est tout ce que j'ai trouvé dans le fichier Move :

C:\WINDOWS\system32\drivers\alg.exe moved successfully.
C:\WINDOWS\system32\drivers\smss.exe moved successfully.
C:\WINDOWS\system32\drivers\csrss.exe moved successfully.
C:\bhij.exe moved successfully.
 
Created on 01-25-2008 17:59:30

g!rly · Answer

ok cool

post un nouveau hijack this stp

@+

Helpmei34 · Answer

Le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:26, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Kernel32_sysdamper] C:\WINDOWS\system32\drivers\sysdamp.exe
O4 - HKLM\..\Run: [Sysmem32] C:\WINDOWS\system32\drivers\alg.exe
O4 - HKLM\..\Run: [Memory_chech] C:\WINDOWS\system32\drivers\smss.exe
O4 - HKLM\..\Run: [Clipboard_x] C:\WINDOWS\system32\drivers\csrss.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

g!rly · Answer

re,

y a pas eu tellement d´amelioration, car il aurait falu faire tout d´un trait.

alors on va le refaire ;-)

telecharge ce fichier et dezip le contenu helmei34.reg sur ton bureau :

http://sd-1.archive-host.com/membres/up/1366464061/Helpmei34.rar

redemare en mode sans echec.

double click sur helpmei34.reg  > accepte la fusion avec le registre 

puis

double-click sur OTMoveIt.exe pour le lancer.
copie la liste qui se trouve en citation ci-dessous,
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

Citation :

C:\WINDOWS\system32\iphttphl4.dll
C:\WINDOWS\system32\drivers\alg.exe
C:\WINDOWS\system32\drivers\smss.exe
C:\WINDOWS\system32\drivers\csrss.exe
C:\bhij.exe

Click sur MoveIt! pour lancer la suppression.
le résultat apparaitra dans le cadre "Results".
click sur Exit pour fermer.
poste le rapport situé dans C:\_OTMoveIt\MovedFiles.
Ps : il te sera peut-être demander de redémarrer le pc pour achever la suppression. Si c'est le cas accepte par Yes.

redemarre en mode normal et repost un hijack this 

@+

Helpmei34 · Answer

Voici moveIT :

File/Folder C:\WINDOWS\system32\drivers\alg.exe not found.
File/Folder C:\WINDOWS\system32\drivers\smss.exe not found.
File/Folder C:\WINDOWS\system32\drivers\csrss.exe not found.
File/Folder C:\bhij.exe not found.
 
Created on 01-25-2008 20:56:44


Hitjack:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: FFI - Unknown owner - C:\WINDOWS\system32\svchost.exe:exm.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

g!rly · Answer

re,

c´est mieux ;-)

fais ceci maintenant :

1°- « Démarrer » > « Executer » > taper cmd > valide par ok

sc stop "FFI" ==> [Enter]
sc config "FFI" start= disabled ==> [Enter]

2°- Redémarre MSE (mode sans echec).Choisis ton compte usuel, et non Administrateur.

3°- « Démarrer » > « Executer » > taper cmd > valide par ok

sc delete "FFI" ==> [Enter] 

puis reessais maintenant de faire combofix :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+

Helpmei34 · Answer

Aaaah ça me fais plaisir !! je fais desuite ce que tu m'as dit ...

Il fait que je tape "sc delete FFI" ? dans la fenêtre noire ?

Helpmei34 · Answer

...Après le nom d'utilisateur ou je saute une ligne?

g!rly · Answer

re,

en faite tu redemarre en mode sans echec et tu choisie ton compte usuel,

puis une fois en mode snas echec, oui tu ecris ceci sc delete "FFI" ==> [Enter]  dans la fenetre noire

note : respect les espaces

@+

Helpmei34 · Answer

Le ComboFIX me fais toujours buguer l'ordi sans afficher le rapport...

g!rly · Answer

bon

repost un hijack this stp

@+

Helpmei34 · Answer

Le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:58, on 2008-01-25
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

g!rly · Answer

re,

peux tu aller dans le system32 et essayer de supprimer ce fichier :

C:\WINDOWS\system32\iphttphl4.dll

si il persiste essaie en mode sans echec 

peux etre devras tu faire cela pour le trouver :

Affiche tous les fichiers et dossiers :
Pour cela :
Clique sur démarrer/panneau de configuration/option des dossiers/affichage

Cocher afficher les dossiers cacher

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)"

Décocher masquer les extensions dont le type est connu

Puis fais «Ok» pour valider les changements.

Et appliquer ! 

dis moi quoi

@+

Helpmei34 · Answer

oki

Helpmei34 · Answer

Je viens de recevoir 2 alertes de avast de chevaux de troie...

Helpmei34 · Answer

Je ne le trouve pas et j'ai pas options des fichiers dans panneau de configuration..

N’avez-vous jamais regardé une photo de vous et vu un étranger à l’arrière plan ?
Ça vous fait vous demander combien d’étrangers ont des photos de vous.
(Les Frères Scott, 403)

Helpmei34 · Answer

C'est fait !

g!rly · Answer

salut, 

fais ceci :

Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
• Redémarre ton ordinateur
• Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
• A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
• Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
• Choisis ton compte.
Déroule la liste des instructions ci-dessous :
• Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
• Appuie sur Y pour commencer le processus de nettoyage.
• Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
• Appuie sur une touche pour redémarrer le PC.
• Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
• Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
• Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
• Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
• Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum

@+

Helpmei34 · Answer

Coucou !

Voici le rapport :


SDFix: Version 1.131

Run by dior on 2008-01-26 at 20:12

Microsoft Windows XP [version 5.1.2600]

Running From: C:\DOCUME~1\dior\Bureau\SDFix

Safe Mode:
Checking Services: 

Name:
astq
ztx86

Path:
\??\C:\WINDOWS\system32\drivers\astq.tga 
\??\C:\WINDOWS\system32\ztx86.sys 

astq - Deleted
ztx86 - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files: 

Trojan Files Found:

C:\WINDOWS\system32\drivers\astq.tga  - Deleted
C:\WINDOWS\system32\ztx86.sys  - Deleted





Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found. 

C:\WINDOWS\explorer.exe
No streams found.
 
C:\WINDOWS\system32
No streams found. 

C:\WINDOWS\system32\svchost.exe
No streams found.
 
C:\WINDOWS\system32
toskrnl.exe
No streams found.
 


                                 Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-26 20:23:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

IPC error: 2 Le fichier spécifié est introuvable.
scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b010af1]
"0017d536eb4d"=hex:6a,0e,99,f8,5f,5d,d1,1a,70,18,31,a8,9f,64,74,b2
"0016db0258af"=hex:d6,0c,87,9f,2c,ff,bb,c5,ac,5d,ef,29,a1,79,b9,c9
"0018131d39cd"=hex:ed,2c,b5,78,89,f7,56,e8,c7,99,1c,54,d6,2c,8b,27
"0005c9455f54"=hex:33,c2,86,cf,4f,94,04,f4,b4,a2,53,03,d4,fa,77,79

scanning hidden registry entries ...

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\xd8\x2022\x20ac|\xff\xff\xff\xff\22\x2022\x20ac|\xf9\x20229~\2]
"C040110900063D11C8EF10054038389C"="C?\WINDOWS\system32\FM20ENU.DLL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
"TracesProcessed"=dword:000000a0
"TracesSuccessful"=dword:00000006

scanning hidden files ...


scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 52


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\Alwil Software\Avast4\ashAvast.exe"="C:\Program Files\Alwil Software\Avast4\ashAvast.exe:*:Enabled:avast! Antivirus"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

Remaining Files:
---------------

File Backups: - C:\DOCUME~1\dior\Bureau\SDFix\backups\backups.zip

Files with Hidden Attributes:

Fri 23 Jun 2006           218 A.SHR --- "C:\BOOT.BAK"
Sat  1 Apr 2006            22 A.SH. --- "C:\WINDOWS\SMINST\HPCD.SYS"
Sun 25 Jun 2006         4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Thu 28 Jun 2001     1,679,360 A..H. --- "C:\Program Files\Ulead Systems\Ulead GIF Animator 5\ga_main.exe"
Mon 26 Feb 2007             0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 12 Dec 2007             0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\4633c51c90c17af214c8eeab40b9fcf4\BITED.tmp"
Tue 11 Sep 2007        62,976 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 07-08\AMELIORATION DES MOYENS DE COMS\~WRL0002.tmp"
Thu 19 Apr 2007        29,696 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL1374.tmp"
Thu 19 Apr 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL1410.tmp"
Thu 19 Apr 2007        29,696 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL3801.tmp"
Sat 14 Apr 2007        25,600 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ABI OFFICIELLE\PUBLISHER\Affiche informative. Publisher\~WRL3540.tmp"
Mon 22 Jan 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL0621.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1274.tmp"
Mon 22 Jan 2007        21,504 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1572.tmp"
Mon 22 Jan 2007        20,480 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL2287.tmp"
Mon 22 Jan 2007        23,040 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3444.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3618.tmp"
Mon 22 Jan 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL0621.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1274.tmp"
Mon 22 Jan 2007        21,504 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1572.tmp"
Mon 22 Jan 2007        20,480 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL2287.tmp"
Mon 22 Jan 2007        23,040 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3444.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3618.tmp"
Tue 11 Sep 2007        62,976 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 07-08\AMELIORATION DES MOYENS DE COMS\~WRL0002.tmp"
Thu 19 Apr 2007        29,696 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL1374.tmp"
Thu 19 Apr 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL1410.tmp"
Thu 19 Apr 2007        29,696 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\PAUL\~WRL3801.tmp"
Mon 22 Jan 2007        19,968 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL0003.tmp"
Mon 22 Jan 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL0621.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL1274.tmp"
Mon 22 Jan 2007        21,504 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL1572.tmp"
Mon 22 Jan 2007        20,480 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL2287.tmp"
Mon 22 Jan 2007        23,040 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL3444.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CPAP SIMULAGE\~WRL3618.tmp"
Mon 22 Jan 2007        25,600 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\MARION\CV + LETTRE MOTIVATION\~WRL0001.tmp"
Sat 14 Apr 2007        25,600 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ABI OFFICIELLE\PUBLISHER\Affiche informative. Publisher\~WRL3540.tmp"
Mon 22 Jan 2007        24,064 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL0621.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1274.tmp"
Mon 22 Jan 2007        21,504 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL1572.tmp"
Mon 22 Jan 2007        20,480 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL2287.tmp"
Mon 22 Jan 2007        23,040 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3444.tmp"
Mon 22 Jan 2007        61,952 A..H. --- "C:\Documents and Settings\marionette\Mes documents\PME PMI\TOTALITE CLE USB\ANNEE 06-07\ACTIONS OFFICIELLES\SIMUL'AGE\CPAP\~WRL3618.tmp"

Finished!

g!rly · Answer

salut  Helpmei34

super, sdfix a bien bossé ,-)

peux tu reposter un nouveau comboscan stp

@+

Helpmei34 · Answer

Hello !

Le voici :

Deckard's System Scanner v20071014.68
Run by dior on 2008-01-27 21:07:50
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as dior.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:07, on 2008-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32undll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Documents and Settings\dior\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dior.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

g!rly · Answer

re,

Fix.reg

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(X)) :

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
REGEDIT4

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
note: regedit4 est dur la premiere page et il y a une ligne blanche a la fin
Puis click sur "fichier"/"enregistrer sous" :
dans : sur le bureau
Nom du fichier : fix.reg
Type de fichier : "tous les fichiers"
clique sur "enregistrer"

ca doit ressembler a ca une fois enrregistré :

http://img520.imageshack.us/img520/4251/screenshot005ps2.png

quitte internet et double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?"
Si c'est bien le cas, clique sur "oui"
post un rapport hijack this apres l´avoir fait
@+

Helpmei34 · Answer

Re,

Hitjack :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:44, on 2008-01-27
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32undll32.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

g!rly · Answer

re,

1/ Télécharge Icesword ici : https://www.majorgeeks.com/
Extrais l'archive Icesword sur ton bureau, puis, dans ce dossier, double-clique sur icesword.exe

Choisis le bouton "function" puis le bouton BHO. Fais un clic droit sur cette BHO et choisis delete :
{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}

dis moi quoi

@+

Helpmei34 · Answer

Le lien ne fonctionne plus...

Helpmei34 · Answer

Je l'ai trouvé sur telecharger.com

g!rly · Answer

ok

Helpmei34 · Answer

J'ai "refresh" pas "delete"...

g!rly · Answer

essaie refresh et apres delete

Helpmei34 · Answer

J'ai pas de "delete" même aprsè avoir cliquer plusierus fois sur "refresh"

Helpmei34 · Answer

Ca ne fonctionne pas..

Helpmei34 · Answer

G!rly ?

g!rly · Answer

salut helpmei,

j´ai du m´absenter hier, desolé...

peux tu poster un rapport de sreng stp

double clique sur SREng.exe afin de lancer l'outil
Clique sur Smart Scan
Ensuite, clique sur le bouton [Scan]
 
Lorsque complété, clique sur le bouton [Save Reports]
Sauvegarde le rapport sur ton Bureau
Copie/colle le contenu du fichier SREnglLOG.log dans ta prochaine réponse
 
Attention, le scan sera peut être trop long pour un seul message. Il faudra dans ce cas scinder le rapport en deux.

@+

Helpmei34 · Answer

Salut G!rly ! Voici le Sreng: [CODE] 2008-01-28,18:39:29 System Repair Engineer 2.5.16.900 Smallfrogs (http://www.KZTechs.com) Windows XP Home Edition Service Pack 2 (Build 2600) - Administrative User - Completed Functions Allowed Follow item(s) have been choosed: All Boot Items (Including Registry, Startup Folders, Services and so on) Browser Add-ons Runing Processes (Including process model information) File Associations Winsock Provider Autorun.Inf HOSTS File Process Privileges Scan Boot Items Registry [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] [(Verified)Microsoft Windows Publisher] [N/A] <"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"> [Panicware, Inc.] <"C:\Program Files\Ares\Ares.exe" -h> [Ares Development Group] [HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] [Sun Microsystems, Inc.] [Hewlett-Packard Company] <"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"> [ATI Technologies, Inc.] [(Verified)Microsoft Windows Publisher] [Hewlett-Packard] [Hewlett-Packard Company] [] <> [N/A] [(Verified)Microsoft Windows Publisher] [Hewlett-Packard Co.] [Logitech Inc.] [Logitech Inc.] [Logitech Inc.] <"C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot> [RealNetworks, Inc.] [(Verified)Microsoft Windows Publisher] <"C:\Program Files\QuickTime\qttask.exe" -atboottime> [Apple Computer, Inc.] <"C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"> [N/A] <"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"> [(Verified)"Adobe Systems, Incorporated"] [(Verified)ALWIL Software] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows] <> [N/A] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] <{56F9679E-7826-4C84-81F3-532071A8BCC5}> [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] [(Verified)Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}] <%systemroot%\system32\shmgrate.exe OCInstallUserConfigOE> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2C7339CF-2B09-4501-B3F3-F3508C9228ED}] <%SystemRoot%\system32 egsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32 hemeui.dll> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{44BBA842-CC51-11CF-AAFA-00AA00B6015B}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{5945c046-1e7d-11d1-bc44-00c04fd912be}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}] [(Verified)Microsoft Windows Component Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{7790769C-0471-11d2-AF11-00C04FA35D02}] <"%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install> [N/A] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{89B4C1CD-B018-4511-B0A1-5476DBF70820}] [Microsoft Corporation] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8b15971b-5355-4c82-8c07-7e181ea07608}] [(Verified)Microsoft Windows Publisher] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}] [N/A] [HKEY_CURRENT_USER\Control Panel\Desktop] [(Verified)ALWIL Software] ================================== Startup Folders [HP Digital Imaging Monitor] C:\PROGRA~1\HP\DIGITA~1\bin\hpqtra08.exe [Hewlett-Packard Co.]> [Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter] C:\PROGRA~1\SAGEMW~1.11G\WLANUTL.exe [ ]> [Windows Desktop Search] C:\PROGRA~1\WI459E~1\WINDOW~1.EXE [Microsoft Corporation]> [Pin] C:\hp\bin\cloaker.exe [Hewlett-Packard Co.]> ================================== Services [Ad-Aware 2007 Service / aawservice][Running/Auto Start] <"C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe"> [Gestion d'applications / AppMgmt][Stopped/Manual Start] %SystemRoot%\System32\appmgmts.dll> [Ares Chatroom server / AresChatServer][Stopped/Manual Start] [Service d'état ASP.NET / aspnet_state][Stopped/Manual Start] [avast! iAVS4 Control Service / aswUpdSv][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"> [Ati HotKey Poller / Ati HotKey Poller][Running/Auto Start] [avast! Antivirus / avast! Antivirus][Running/Auto Start] <"C:\Program Files\Alwil Software\Avast4\ashServ.exe"> [avast! Mail Scanner / avast! Mail Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service> [avast! Web Scanner / avast! Web Scanner][Running/Manual Start] <"C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service> [France Telecom Routing Table Service / FTRTSVC][Running/Auto Start] <"C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe"> [Accès du périphérique d'interface utilisateur / HidServ][Stopped/Disabled] %SystemRoot%\System32\hidserv.dll> [InstallDriver Table Manager / IDriverT][Stopped/Manual Start] <"C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"> [Pml Driver HPZ12 / Pml Driver HPZ12][Stopped/Boot Start] <\SystemRoot\C:\WINDOWS\system32\HPZipm12.exe> [Sunbelt Personal Firewall 4 / SPF4][Running/Auto Start] <"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe"> [Windows Live Setup Service / WLSetupSvc][Stopped/Manual Start] <"C:\Program Files\Windows Live\installer\WLSetupSvc.exe"> ================================== Drivers [Service for Realtek AC97 Audio (WDM) / ALCXWDM][Running/Manual Start] [Pilote de processeur AMD / AmdK8][Running/System Start] [ati2mtag / ati2mtag][Running/Manual Start] [catchme / catchme][Stopped/Manual Start] <\??\C:\DOCUME~1\dior\LOCALS~1\Temp\catchme.sys> [Firewall Driver / fwdrv][Running/System Start] <\SystemRoot\system32\drivers\fwdrv.sys> [IEEE-1284.4 Driver HPZid412 / HPZid412][Stopped/Manual Start] [Print Class Driver for IEEE-1284.4 HPZipr12 / HPZipr12][Stopped/Manual Start] [USB to IEEE-1284.4 Translation Driver HPZius12 / HPZius12][Stopped/Manual Start] [Pilote de processeur Intel / intelppm][Stopped/System Start] [Kerio HIPS Driver / khips][Running/System Start] <\SystemRoot\system32\drivers\khips.sys> [LT Modem Driver / ltmodem5][Stopped/Manual Start] [Logitech USB Monitor Filter / LVUSBSta][Running/Manual Start] [PCAMPR5 NDIS Protocol Driver / PCAMPR5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\PCAMPR5.SYS> [PCANDIS5 NDIS Protocol Driver / PCANDIS5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\PCANDIS5.SYS> [Volume Adapter / pepifilter][Running/Manual Start] [QuickCam IM(PID_08A0) / PID_08A0][Running/Manual Start] [Ps2 / Ps2][Running/Manual Start] [Pilote de liaison parallèle directe / Ptilink][Running/Manual Start] [PxHelp20 / PxHelp20][Running/Boot Start] <\SystemRoot\System32\Drivers\PxHelp20.sys> [Realtek 10/100/1000 NIC Family all in one NDIS XP Driver / RTL8023xp][Running/Manual Start] [Pilote NT de carte Realtek PCI Fast Ethernet à base RTL8139(A/B/C) / rtl8139][Stopped/Manual Start] [Secdrv / Secdrv][Stopped/Manual Start] [SAGEM 802.11g XG760 1211 Driver / SG760_XP][Running/Manual Start] [Pilote de filtrage Sony USB (SONYPVU1) / SONYPVU1][Stopped/Manual Start] [ViaIde / ViaIde][Running/Boot Start] <\SystemRoot\system32\DRIVERS\viaide.sys> [Codec Teletext standard / WSTCODEC][Stopped/Manual Start] [ZDCndis5 Protocol Driver / ZDCndis5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\ZDCndis5.SYS> [ZDPNDIS5 NDIS Protocol Driver / ZDPNDIS5][Stopped/Manual Start] <\??\C:\WINDOWS\system32\ZDPNDIS5.SYS> ================================== Browser Add-ons [] {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} [Java Plug-in 1.5.0_05] {08B0E5C0-4FCB-11CF-AAA5-00401C608501} [BlogThisToolbarButton Class] {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} [&Rechercher] {92780B25-18CC-41C8-B9BE-3C9C571A8263} [Aide à la connexion] {E2D4D26B-0180-43a4-B05F-462D6D54C789} <, N/A> [] {e2e2dd38-d088-4134-82b7-f2ba38496583} <%windir%\Network Diagnostic\xpnetdiag.exe, N/A> [Messenger] {FB5F1910-F110-11d2-BB9E-00C04F795683} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [Java Plug-in 1.5.0_05] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Java Plug-in 1.5.0_05] {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [Microsoft Office Template and Media Control] {02BCC737-B171-4746-94C9-0D8A0B2C0089} [QuickTime Object] {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} [ActiveMovieControl Object] {05589FA1-C356-11CE-BF01-00AA0055595A} [Aide pour le lien d'Adobe PDF Reader] {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} [Windows Genuine Advantage Validation Tool] {17492023-C23A-453E-A040-C7C580BBF700} [InformationCardSigninHelper Class] {19916E01-B44E-4E31-94A4-4696DF46157B} [Windows Media Player] {22D6F312-B0F6-11D0-94AB-0080C74C7E95} [HTML Document] {25336920-03F9-11CF-8FD0-00AA00686F13} [XML DOM Document] {2933BF90-7B36-11D2-B20E-00C04F983E60} [XSL Template] {2933BF94-7B36-11D2-B20E-00C04F983E60} [RealPlayer RAM Download Handler] {2F542A2E-EDC9-4BF7-8CB1-87C9919F7F93} [HtmlDlgSafeHelper Class] {3050F819-98B5-11CF-BB82-00AA00BDCE0B} [IETag Factory] {38481807-CA0E-42D2-BF39-B33AF135CC4D} [QuickTime Object] {4063BE15-3B08-470D-A0D5-B37161CFFD69} [Microsoft Office Control] {4453D895-F2A1-4A38-A285-1EF9BD3F6D5D} [XML Document] {48123BC4-99D9-11D1-A6B3-00C04FD91555} [Windows Desktop Search Combo Control] {4E430174-1673-4FF3-BF28-A3B37F6573E7} [] {4F07F79F-087F-42CF-8B36-7A88D06088E9} [MSN Photo Upload Tool] {4F1E5B1A-2A80-42CA-8532-2D05CB959537} [] {53707962-6F74-2D53-2644-206D7942484F} [Shell Name Space] {55136805-B2DE-11D1-B9F2-00A0C98BC547} [WUWebControl Class] {6414512B-B978-451D-A0D8-FCFDF33E833C} [Windows Media Player] {6BF52A52-394A-11D3-B153-00C04F79FAA6} [MUWebControl Class] {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} [Active Desktop Mover] {72267F6A-A6F9-11D0-BC94-00C04FB67863} <%SystemRoot%\system32\SHELL32.dll, N/A> [Windows Media Services DRM Storage object] {760C4B83-E211-11D2-BF3E-00805FBE84A6} [Microsoft Web Browser] {8856F961-340A-11D0-A96B-00C04FD705A2} [Java Plug-in 1.5.0_05] {8AD9C840-044E-11D1-B3E9-00805F499D93} [Programme d'aide de l'Assistant de connexion Windows Live] {9030D464-4C02-4ABF-8ECC-5164760863C6} [RMGetLicense Class] {A9FC132B-096D-460B-B7D5-1DB0FAE0C062} [SearchAssistantOC] {B45FF030-4447-11D2-85DE-00C04FA35C89} <%SystemRoot%\system32\shdocvw.dll, N/A> [] {B69003B3-C55E-4B48-836C-BC5946FC3B28} [RDS.DataSpace] {BD96C556-65A3-11D0-983A-00C04FC29E36} [Helper Class] {BF0118D4-63FF-4138-9327-F3028FB1A578} [AUDIO__MID Moniker Class] {CD3AFA74-B84F-48F0-9393-7EDC34128127} [AUDIO__MP3 Moniker Class] {CD3AFA76-B84F-48F0-9393-7EDC34128127} [AUDIO__WAV Moniker Class] {CD3AFA7B-B84F-48F0-9393-7EDC34128127} [AUDIO__X_MS_WMA Moniker Class] {CD3AFA84-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_ASF Moniker Class] {CD3AFA8F-B84F-48F0-9393-7EDC34128127} [VIDEO__X_MS_WMV Moniker Class] {CD3AFA94-B84F-48F0-9393-7EDC34128127} [RealPlayer G2 Control] {CFCDAA03-8BE4-11CF-B84B-0020AFBBCCFA} [Contrôle de l'Assistant de connexion Windows Live] {D2517915-48CE-4286-970F-921E881B8C5C} [Shockwave Flash Object] {D27CDB6E-AE6D-11CF-96B8-444553540000} [] {E1771B7F-98BE-407F-BA67-AA16ADA5D0C5} [NameCtrl Class] {E18FEC31-2EA1-49A2-A7A6-902DC0D1FF05} [XML HTTP Request] {ED8C108E-4349-11D2-91A4-00C04F7969E8} [] {F06608C7-1874-4EEA-B3B2-DF99EBB144B8} [Runclose Control] {F31D1897-7EFD-4647-8687-E05894E382AB} [JScript Language] {F414C260-6AC0-11CF-B6D1-00AA00BBBB58} [XML DOM Document 3.0] {F5078F32-C551-11D3-89B9-0000F81FE221} [XML DOM Document] {F6D90F11-9C73-11D3-B32E-00C04F990BB4} [Free Threaded XML DOM Document] {F6D90F12-9C73-11D3-B32E-00C04F990BB4} [XML HTTP] {F6D90F16-9C73-11D3-B32E-00C04F990BB4} [] {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} [IERPCtl Class] {FDC7A535-4070-4B92-A0EA-D9994BCC0DC5} [E&xporter vers Microsoft Excel] ================================== Running Processes [PID: 784 / SYSTEM][\SystemRoot\System32\smss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 860 / SYSTEM][\??\C:\WINDOWS\system32\csrss.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 888 / SYSTEM][\??\C:\WINDOWS\system32\winlogon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Ati2evxx.dll] [ATI Technologies Inc., 6.14.10.4119] [C:\WINDOWS\system32\WgaLogon.dll] [Microsoft Corporation, 1.7.0018.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 936 / SYSTEM][C:\WINDOWS\system32\services.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\AppPatch\AcAdProc.dll] [Microsoft Corporation, 5.1.2600.3008 (xpsp.061004-0027)] [PID: 948 / SYSTEM][C:\WINDOWS\system32\lsass.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1096 / SYSTEM][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [PID: 1108 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1180 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1216 / SYSTEM][C:\WINDOWS\System32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\wups2.dll] [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)] [PID: 1256 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [c:\windows\system32\wudfsvc.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [c:\windows\system32\WUDFPlatform.dll] [Microsoft Corporation, 6.0.5716.32 (winmain(wmbla).060928-1756)] [PID: 1404 / SERVICE RÉSEAU][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 1456 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 1788 / SYSTEM][C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe] [Lavasoft, 7,0,2,6] [C:\Program Files\Lavasoft\Ad-Aware 2007\CEAPI.dll] [Lavasoft, 7,0,2,6] [C:\Program Files\Lavasoft\Ad-Aware 2007\PKArchive85u.dll] [PKWARE, Inc., 8.4.1045.0] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Lavasoft\Ad-Aware 2007\Update.dll] [, 7, 0, 2, 6] [PID: 1804 / SYSTEM][C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1856 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashServ.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswInteg.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswIdle.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\UNACEV2.DLL] [N/A, ] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResMes.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResNS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResOut.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ahResP2P.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResStd.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResWS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashSSqlt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswRes.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 240 / SYSTEM][C:\WINDOWS\system32\spoolsv.exe] [Microsoft Corporation, 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] [C:\WINDOWS\system32\HpTcpMon.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzjrd01.dll] [Hewlett Packard, 2.01.00.001] [C:\WINDOWS\system32\HPTcpMUI.dll] [Microsoft Corporation, 5.01.00.011] [C:\WINDOWS\system32\hptcpmib.dll] [Hewlett Packard, 5.01.00.011] [C:\WINDOWS\system32\hpzlnt12.dll] [HP, 2.335.5.0] [C:\WINDOWS\system32\mdimon.dll] [Microsoft Corporation, 11.3.8166.2] [C:\WINDOWS\System32\spool\PRTPROCS\W32X86\mdippr.dll] [Microsoft Corporation, 11.3.8166.2] [PID: 436 / SERVICE LOCAL][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 468 / SYSTEM][C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe] [France Telecom SA, 12.1.42.48 ] [C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\IfHelper.dll] [France Telecom SA, 12.1.42.48 ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 568 / SYSTEM][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe] [Sunbelt Software, 4.5.916.0] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\kfe.dll] [Sunbelt Software, 4.3.182.0] [C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\curllib.dll] [The cURL library, https://curl.se/ 7.15.2] [C:\Program Files\Sunbelt Software\Personal Firewall\kwsapi.dll] [Sunbelt Software, 4.3.182.0] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 648 / SYSTEM][C:\WINDOWS\system32\svchost.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 772 / SYSTEM][C:\WINDOWS\system32\SearchIndexer.exe] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\TQUERY.DLL] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\PROPSYS.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\msstrc.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\mssrch.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\propdefs.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\XmlLite.dll] [Microsoft Corporation, 1.00.1018.0] [C:\WINDOWS\system32\fr-fr Query.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\msscb.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\mssprxy.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [PID: 1668 / SYSTEM][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe] [Sunbelt Software, 4.5.916.0] [C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 540 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\AhResMai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\langmai.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 1288 / SYSTEM][C:\Program Files\Alwil Software\Avast4\ashWebSv.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Alwil Software\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\ashWsFtr.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswScan.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\AhResWs.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\aswEngin.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 2128 / SERVICE LOCAL][C:\WINDOWS\System32\alg.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 3020 / dior][C:\WINDOWS\system32\Ati2evxx.exe] [ATI Technologies Inc., 6.14.10.4119] [C:\WINDOWS\system32\Ati2edxx.dll] [ATI Technologies, Inc., 6, 14, 10, 2497] [PID: 3132 / dior][C:\WINDOWS\Explorer.EXE] [Microsoft Corporation, 6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Windows Desktop Search\deskbar.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\fr-fr\dbres.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\dbres.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\wordwheel.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [C:\Program Files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\msnlExtRes.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\WINDOWS\system32\WPDShServiceObj.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceTypes.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\WINDOWS\system32\PortableDeviceApi.dll] [Microsoft Corporation, 5.2.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008] [C:\WINDOWS\system32\LQCUI2.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll] [Adobe Systems, Inc., 8.1.0.0] [C:\Program Files\WinRAR arext.dll] [N/A, ] [C:\Program Files\Alwil Software\Avast4\ashShell.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [PID: 3196 / dior][C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe] [Sunbelt Software, 4.5.916.0] [C:\Program Files\Sunbelt Software\Personal Firewall\LIBEAY32.dll] [N/A, ] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\Program Files\Sunbelt Software\Personal Firewall\SSLEAY32.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoFoundation.dll] [N/A, ] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoXML.dll] [N/A, ] [C:\Program Files\Sunbelt Software\Personal Firewall\PocoExt.dll] [N/A, ] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [PID: 3956 / dior][C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe] [Sun Microsystems, Inc., 5.0.50.5] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 3968 / dior][C:\windows\system\hpsysdrv.exe] [Hewlett-Packard Company, 1, 7, 0, 0] [PID: 3976 / dior][C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe] [ATI Technologies, Inc., 6.14.10.5166] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdsxx.dll] [ATI Technologies, Inc., 6.14.10.5166] [C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATRPUIXX.FRA] [ATI Technologies, Inc., 6.14.10.5166] [C:\Program Files\ATI Technologies\ATI Control Panel\atipdxxx.dll] [ATI Technologies, Inc., 6.14.10.5166] [PID: 3992 / dior][C:\WINDOWS\ALCXMNTR.EXE] [Realtek Semiconductor Corp., 1.5] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [PID: 4040 / dior][C:\HP\KBD\KBD.EXE] [Hewlett-Packard Company, 1.0.2.2.20205] [C:\HP\KBD\led.dll] [Hewlett-Packard Company, 1.0.2.0] [C:\HP\KBD\USB.dll] [Hewlett-Packard Company, 1.0.2.2.071205] [C:\HP\KBD\ps2.dll] [Hewlett-Packard Company, 1.0.2.2.112404] [C:\HP\KBD\msg.dll] [Hewlett-Packard Company, 1.0.2.2.112404] [C:\HP\KBD\osd.dll] [Hewlett-Packard Company, 1.0.2.2.071105] [C:\HP\KBD\sct.dll] [Hewlett-Packard Company, 1.0.2.2.32205] [C:\HP\KBD\onl.dll] [Hewlett-Packard Company, 1.0.2.2.052705] [C:\HP\KBD\aol.dll] [Hewlett-Packard Company, 1.0.2.2.071105] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\HP\KBD\url.dll] [Hewlett-Packard Company, 1.0.2.2.071105] [C:\HP\KBD\cfg.dll] [Hewlett-Packard Company, 1.0.2.1] [C:\HP\KBD\MSIKBDIF.DLL] [Hewlett-Packard Company, 1.0.2.0] [PID: 2152 / dior][C:\Program Files\HP\HP Software Update\HPwuSchd2.exe] [Hewlett-Packard Co., 53.0.13.000] [PID: 2192 / dior][C:\WINDOWS\system32\LVCOMSX.EXE] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [PID: 2212 / dior][C:\Program Files\Logitech\Video\LogiTray.exe] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\QCUI2.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\LTWVC12n.dll] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Logitech\Video\LTFIL12n.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTKRN12n.dll] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\Program Files\Logitech\Video\LQCUI2.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\LLogTray.dll] [Logitech Inc., 8.4.6.1012] [C:\Program Files\Logitech\Video\LTDIS12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTIMG12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LTEFX12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFFAX12N.DLL] [LEAD Technologies, Inc., 12.1.0.020] [C:\Program Files\Logitech\Video\LFCMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFTIF12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\Program Files\Logitech\Video\LFBMP12N.DLL] [LEAD Technologies, Inc., 12.1.0.058] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.6.1012] [PID: 2244 / dior][C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe] [RealNetworks, Inc., 0.1.0.3292] [PID: 2284 / dior][C:\WINDOWS\system32 undll32.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 2296 / dior][C:\Program Files\QuickTime\qttask.exe] [Apple Computer, Inc., 7.1.3] [PID: 2436 / dior][C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnOS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\PROGRA~1\ALWILS~1\Avast4\ashBase.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnB.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswCmnS.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashTask.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\aswAux.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\Aavm4h.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Base.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\Program Files\Alwil Software\Avast4\French\Lang.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\PROGRA~1\ALWILS~1\Avast4\AavmRpch.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruimai.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\ashUInt.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\PROGRA~1\ALWILS~1\Avast4\XT1922.dll] [Codejock Software, 1, 9, 4, 0] [c:\program files\alwil software\avast4\ahruimes.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruins.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiout.dll] [ALWIL Software, 4, 7, 1098, 0] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [c:\program files\alwil software\avast4\ahruip2p.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruistd.dll] [ALWIL Software, 4, 7, 1098, 0] [c:\program files\alwil software\avast4\ahruiws.dll] [ALWIL Software, 4, 7, 1098, 0] [PID: 2444 / dior][C:\Program Files\Logitech\Video\FxSvr2.exe] [Logitech Inc., 8.4.6.1012] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\lvmaenum.dll] [Logitech Inc., 8.4.1.1092] [C:\WINDOWS\system32\lvcomcx.dll] [Logitech Inc., 8.4.1.1092] [C:\Program Files\Logitech\Video\FXSvrps.dll] [Logitech Inc., 8.4.6.1012] [PID: 2464 / dior][C:\WINDOWS\system32\ctfmon.exe] [Microsoft Corporation, 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] [PID: 764 / dior][C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe] [Panicware, Inc., 3, 1, 0, 1014] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008] [C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psie6.dll] [Panicware, 1, 0, 0, 1002] [C:\PROGRA~1\PANICW~1\POP-UP~1\XA\pswmsg.dll] [Panicware, 1, 0, 0, 1003] [C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psgain3.dll] [Panicware, 1, 0, 0, 1003] [C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psns7.dll] [Panicware, 1, 0, 0, 1004] [C:\PROGRA~1\PANICW~1\POP-UP~1\XA\psns4.dll] [Panicware, 1, 0, 0, 1004] [PID: 1208 / dior][C:\Program Files\Ares\Ares.exe] [Ares Development Group, 2.0.9.3030] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\amstream.dll] [, ] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\WINDOWS\system32\mpg2splt.ax] [, ] [C:\WINDOWS\system32\MSCOREE.DLL] [Microsoft Corporation, 2.0.50727.253 (QFE.050727-2500)] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\fusion.dll] [Microsoft Corporation, 1.1.4322.2032] [C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [c:\Program Files\HP\Digital Imaging\bin\LCodcCMP.dll] [LEAD Technologies, Inc., 1.0.0.021] [C:\WINDOWS\system32\lvcodec2.dll] [Logitech Inc., 8.4.6.1016] [C:\WINDOWS\system32\Samsung PC Studio Codecs\Mpeg4DSF.dll] [, 0.0.0.0] [C:\WINDOWS\system32\Samsung PC Studio Codecs\Pal.dll] [InterObject Ltd., 0, 0, 22, 0] [C:\WINDOWS\system32\Samsung PC Studio Codecs\Mpeg4System.dll] [N/A, ] [C:\WINDOWS\system32\Samsung PC Studio Codecs\Mpeg4Tools.dll] [N/A, ] [C:\WINDOWS\system32\Samsung PC Studio Codecs\AMRDSF.dll] [, 0.0.0.0] [C:\WINDOWS\system32\Samsung PC Studio Codecs\EvrcDecDll.dll] [N/A, ] [C:\WINDOWS\system32\Samsung PC Studio Codecs\AMR.dll] [, 0.0.0.0] [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [PID: 2920 / dior][C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpquio08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpqtra08.rsc] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqtao08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpotra08.dll] [Hewlett-Packard Co., 50.0.214.000] [c:\Program Files\HP\Digital Imaging\bin\hpotra08.rsc] [Hewlett-Packard Co., 50.0.214.000] [c:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpotradd.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\Unload\hpiCamTA.dll] [Hewlett-Packard, 5.0.0.247] [C:\WINDOWS\system32\MFC71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCR71.dll] [Microsoft Corporation, 7.10.3052.4] [C:\WINDOWS\system32\ATL71.DLL] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MSVCP71.dll] [Microsoft Corporation, 7.10.3077.0] [C:\WINDOWS\system32\MFC71FRA.DLL] [Microsoft Corporation, 7.10.3077.0] [c:\Program Files\HP\Digital Imaging\Unload\HpqUnRes.dll] [, ] [c:\Program Files\HP\Digital Imaging\bin\hpqmif08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hphtra08.dll] [Hewlett-Packard, 8,1,0,12] [c:\Program Files\HP\Digital Imaging\bin\HpqUtil.dll] [, 5.0.0.247] [c:\Program Files\HP\Digital Imaging\bin\hpodvd09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\Program Files\HP\Digital Imaging\bin\hpoddcomm09.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [PID: 3044 / dior][C:\Program Files\Windows Desktop Search\WindowsSearch.exe] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\uncdms.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\mssprxy.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\oeph.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\mssph.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\TQUERY.DLL] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\PROPSYS.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\MAPI32.dll] [Microsoft Corporation, 1.0.2536.0 (XPClient.010817-1148)] [C:\WINDOWS\system32\msstrc.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\fr-fr\WindowsSearchRes.dll.mui] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\WindowsSearchRes.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Windows Desktop Search\WdsMktTools.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [PID: 1516 / dior][c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqmfc09.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqtap08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqcxm08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.rsc] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [c:\Program Files\HP\Digital Imaging\bin\hpqsti08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqcob08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpqstp08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpodio08.dll] [Hewlett-Packard Co., 53.0.13.000] [c:\Program Files\HP\Digital Imaging\bin\hpocxi08.dll] [Hewlett-Packard Co., 53.0.13.000] [C:\WINDOWS\system32\hpzipr12.dll] [HP, 9, 0, 0, 0] [C:\WINDOWS\system32\hpzidr12.dll] [HP, 9, 0, 0, 0] [c:\Program Files\HP\Digital Imaging\bin\hpqsem08.rsc] [Hewlett-Packard Co., 53.0.13.000] [PID: 1056 / dior][C:\Program Files\Windows Live\Messenger\msnmsgr.exe] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\MSNCore.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\Program Files\Windows Live\Messenger\msidcrl40.dll] [Microsoft Corporation, 4.100.313.1] [C:\Program Files\Windows Live\Messenger\ContactsUX.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\msgslang.8.5.1302.1018.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\msgsres.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\lcapi.dll] [Microsoft Corporation, 1.7.256.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\WINDOWS\system32\msdmo.dll] [, ] [C:\Program Files\Windows Live\Messenger\lcres.dll] [Microsoft Corp., 1.7.109.0 (RTC Version 4.3.5371.0) built by: msn8.0(rtbldlab)] [C:\Program Files\Windows Live\Messenger\RTMPLTFM.dll] [Microsoft Corporation, 3.0.5774.0 built by: media_msn80] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Windows Live\Messenger\MSGSWCAM.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\system32\sirenacm.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008] [C:\Program Files\Windows Live\Messenger\lmcdata.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Windows Live\Messenger\abssm.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\dfsr.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\custsat.dll] [Microsoft Corporation, 9.0.3790.2428 (srv03_sp1_qfe.050422-1043)] [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018] [C:\WINDOWS\system32\mfplat.dll] [Microsoft Corporation, 11.0.5721.5145 (WMP_11.061018-2006)] [C:\Program Files\Windows Live\Messenger\contact.dll] [Microsoft Corporation, 8.5.1302.1018] [PID: 1588 / SYSTEM][C:\Program Files\Windows Live\Messenger\usnsvc.exe] [Microsoft Corporation, 8.5.1302.1018] [C:\Program Files\Windows Live\Messenger\usnsvcps.dll] [Microsoft Corporation, 8.5.1302.1018] [PID: 3700 / dior][C:\Program Files\Mozilla Firefox\firefox.exe] [Mozilla Corporation, 1.8.1.11: 2007112718] [C:\Program Files\Mozilla Firefox\js3250.dll] [Netscape Communications Corporation, 4.0] [C:\Program Files\Mozilla Firefox spr4.dll] [Netscape Communications Corporation, 4.6.7] [C:\Program Files\Mozilla Firefox\xpcom_core.dll] [Mozilla Foundation, 1.8.1.11: 2007112718] [C:\Program Files\Mozilla Firefox\plc4.dll] [Netscape Communications Corporation, 4.6.7] [C:\Program Files\Mozilla Firefox\plds4.dll] [Netscape Communications Corporation, 4.6.7] [C:\Program Files\Mozilla Firefox\smime3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox ss3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox\softokn3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox\ssl3.dll] [Mozilla Foundation, 3.11.5 Basic ECC] [C:\Program Files\Mozilla Firefox\xpcom_compat.dll] [Mozilla Foundation, 1.8.1.11: 2007112718] [C:\Program Files\Mozilla Firefox\components\myspell.dll] [Mozilla Foundation, 1.8.1.11: 2007112718] [C:\Program Files\Mozilla Firefox\components\jar50.dll] [Mozilla Foundation, 1.8.1.11: 2007112718] [C:\Program Files\Mozilla Firefox\extensions alkback@mozilla.org\components\qfaservices.dll] [Mozilla Foundation, 1.8.1.11: 2007112718] [C:\Program Files\Mozilla Firefox\extensions alkback@mozilla.org\components\FULLSOFT.DLL] [Full Circle Software, Inc., 2.2.unofficial] [C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\metrics.dll] [N/A, ] [C:\Program Files\Mozilla Firefox\xpcom.dll] [Mozilla Foundation, 1.8.1.11: 2007112718] [C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\components\googletoolbar.dll] [N/A, ] [C:\WINDOWS\system32\Normaliz.dll] [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)] [C:\WINDOWS\system32\iertutil.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Mozilla Firefox\freebl3.dll] [Mozilla Foundation, 3.11.4 Basic ECC] [C:\Program Files\Mozilla Firefox ssckbi.dll] [Mozilla Foundation, 1.64] [C:\Program Files\Mozilla Firefox\components\spellchk.dll] [Mozilla Foundation, 1.8.1.11: 2007112718] [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0, 0, 1008] [C:\WINDOWS\system32\msacm32.drv] [Microsoft Corporation, 5.1.2600.0 (xpclient.010817-1148)] [C:\Program Files\Microsoft Office\OFFICE11\msohev.dll] [Microsoft Corporation, 11.0.5510] [C:\WINDOWS\system32\ieframe.dll] [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)] [C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll] [Microsoft Corporation, 6.0.6000.16431 (vista_gdr(wmbla).070205-1422)] [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA] [Adobe Systems, Inc., 8.0.0.0] [PID: 2748 / dior][C:\Documents and Settings\marionette\Mes documents\LOGICIEL\PhotoFiltre.exe] [Antonio Da Cruz, 6.2.7.0] [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll] [Panicware, Inc., 1, 0,

Helpmei34 · Answer

Fin du rapport:

  [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll]  [Panicware, Inc., 1, 0, 0, 1008]
    [C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.FRA]  [Adobe Systems, Inc., 8.0.0.0]
[PID: 3144 / SYSTEM][C:\WINDOWS\system32\wuauclt.exe]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
    [C:\WINDOWS\system32\wups2.dll]  [Microsoft Corporation, 7.0.6000.381 (winmain(wmbla).070730-1740)]
[PID: 2536 / dior][C:\Documents and Settings\dior\Bureau\SREngPS.EXE]  [Smallfrogs Studio, 2.5.16.900]
    [C:\WINDOWS\system32\Normaliz.dll]  [Microsoft Corporation, 6.0.5441.0 (winmain(wmbla).060628-1735)]
    [C:\WINDOWS\system32\iertutil.dll]  [Microsoft Corporation, 7.00.6000.16574 (vista_gdr.071008-1500)]
    [C:\Documents and Settings\dior\Bureau\Upload\3rdUpd.DLL]  [Smallfrogs Studio, 2, 1, 0, 15]
    [C:\PROGRA~1\PANICW~1\POP-UP~1\XAHook.dll]  [Panicware, Inc., 1, 0, 0, 1008]

==================================
File Associations
.TXT  OK. [%SystemRoot%\system32\NOTEPAD.EXE %1]
.EXE  OK. ["%1" %*]
.COM  OK. ["%1" %*]
.PIF  OK. ["%1" %*]
.REG  OK. [regedit.exe "%1"]
.BAT  OK. ["%1" %*]
.SCR  OK. ["%1" /S]
.CHM  OK. ["C:\WINDOWS\hh.exe" %1]
.HLP  OK. [%SystemRoot%\System32\winhlp32.exe %1]
.INI  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.INF  OK. [%SystemRoot%\System32\NOTEPAD.EXE %1]
.VBS  OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.JS   OK. [%SystemRoot%\System32\WScript.exe "%1" %*]
.LNK  OK. [{00021401-0000-0000-C000-000000000046}]

==================================
Winsock Provider
N/A

==================================
Autorun.Inf
N/A

==================================
HOSTS File
127.0.0.1 localhost

==================================
Process Privileges Scan
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3956, C:\PROGRAM FILES\JAVA\JRE1.5.0_05\BIN\JUSCHED.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3968, C:\WINDOWS\SYSTEM\HPSYSDRV.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 3976, C:\PROGRAM FILES\ATI TECHNOLOGIES\ATI CONTROL PANEL\ATIPTAXX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 4040, C:\HP\KBD\KBD.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2152, C:\PROGRAM FILES\HP\HP SOFTWARE UPDATE\HPWUSCHD2.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2192, C:\WINDOWS\SYSTEM32\LVCOMSX.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2212, C:\PROGRAM FILES\LOGITECH\VIDEO\LOGITRAY.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2244, C:\PROGRAM FILES\FICHIERS COMMUNS\REAL\UPDATE_OB\REALSCHED.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2296, C:\PROGRAM FILES\QUICKTIME\QTTASK.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2444, C:\PROGRAM FILES\LOGITECH\VIDEO\FXSVR2.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 764, C:\PROGRA~1\PANICW~1\POP-UP~1\PSFREE.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1208, C:\PROGRAM FILES\ARES\ARES.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2920, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQTRA08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 1516, C:\PROGRAM FILES\HP\DIGITAL IMAGING\BIN\HPQSTE08.EXE]
Special Privilege Enabled: SeLoadDriverPrivilege [PID = 2748, C:\DOCUMENTS AND SETTINGS\MARIONETTE\MES DOCUMENTS\LOGICIEL\PHOTOFILTRE.EXE]

==================================
API HOOK
Entrypoint Error: CreateProcessA (Dangerous Level: High,  Hooked by Module: 0x00130239)
Entrypoint Error: CreateProcessW (Dangerous Level: High,  Hooked by Module: 0x001302C5)
Entrypoint Error: CreateRemoteThread (Dangerous Level: High,  Hooked by Module: 0x001304F5)
Entrypoint Error: CreateThread (Dangerous Level: High,  Hooked by Module: 0x00130581)
Entrypoint Error: WriteProcessMemory (Dangerous Level: High,  Hooked by Module: 0x00130699)
Entrypoint Error: SetWindowsHookExA (Dangerous Level: High,  Hooked by Module: 0x00130725)
Entrypoint Error: SetWindowsHookExW (Dangerous Level: High,  Hooked by Module: 0x001307B1)

==================================
Hidden Process
N/A

==================================


/CODE

Helpmei34 · Answer

G!rly?

g!rly · Answer

salut helpmei34,

je n´ai pas encore regardé le rapport de sreng, je le fais maintenant et te dis...

@ toute.

Helpmei34 · Answer

Merci beaucoup à toi !

g!rly · Answer

re,

ouvre a nouveau icesword > double-clique sur icesword.exe

Choisis la fonction "file" en bas à gauche. Par l'arboressence fournie, choisis ce fichier :

C:\WINDOWS\system32\iphttphl4.dll

Fais un clic droit dessus et choisis "delete".

Choisis le bouton "function" puis le bouton BHO. Fais un clic droit sur cette BHO et choisis delete :
{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}

dis moi quoi

@+

Helpmei34 · Answer

Je dois effacer cela ({FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} ) après ?

Helpmei34 · Answer

Je ne le vois pas... Je suis allée dans Windows mais je n'ai pas le system32..

g!rly · Answer

re,

ca ne fonctionne pas avec icesword ?

tu as obligatoirement le system 32

fais ceci peut etre pour le voir :

Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique. 

@+

Helpmei34 · Answer

Elle n'est pas activée... j'ai cherché mais je ne trouve pas ce système 32... je t'envoie la capture par message privé

g!rly · Answer

re,

oui j´ai vu ta capture d´ecran, si tu developpe le dossier windows dans icesword tu ne voie toujours pas system32?

@´+

Helpmei34 · Answer

Non, comme tu as pu le voir j'avais déja cliqué sur le dossier sans résultat...

g!rly · Answer

re,

on va essayer comme ceci :

#  Télécharge DiagHelp sur ton bureau:

http://www.malekal.com/download/DiagHelp.zip

# Décompresse l'archive sur ton bureau
# Dans le dossier DiagHelp que tu viens d'extraire, double-clique sur catchme.exe
# Deux fenêtres vont s'ouvrir: dans celle qui est grise, va dans l'onglet "script"
# Copie-colle ce texte dans l'onglet "script":

files to kill:
C:\WINDOWS\system32\iphttphl4.dll

*  Clique sur "run"
* Redémarre le PC
* Une fois redémarré repost un rapport hijack this stp

@+

Helpmei34 · Answer

Il me dise qu'il ne trouve pas le fichier...

Helpmei34 · Answer

On a touché à quelque chose qu'il ne fallait pas... ?

g!rly · Answer

re,

oui c´est un peut ce que je me disait...

le probleme c´est qu´il reste la cle de registre; 

On a touché à quelque chose qu'il ne fallait pas... ?

non; 

comment va ton pc a part ca?

@+

Helpmei34 · Answer

Re,

Ben de nouvelles attaques de chevaux de troie, hier un peu lent à s'éteindre, la connexion se déconnecte souvent sans raison...

g!rly · Answer

salut helpmei34,

t´es t-il possible de reesayer combofix stp

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt
Note2 : pendant le scan deconecte toi du net /coupe la connection; eteinds tes protections > antivirus / par feu et ne touche a rien meme pas a la sourie.

dis moi quoi ou post le rapport ici stp

@+

Helpmei34 · Answer

Je me suis trompée d'icone j'ai fait un comboscan je crois, je poste quand même le rappport:

Deckard's System Scanner v20071014.68
Run by dior on 2008-01-31 16:52:30
Computer is in Normal Mode.
--------------------------------------------------------------------------------



-- HijackThis (run as dior.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:52, on 2008-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\dior\Bureau\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\dior.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O2 - BHO: (no name) - {FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB} - C:\WINDOWS\system32\iphttphl4.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

g!rly · Answer

re,

oui je voie ca, 

peux tu essayer de faire combofix stp

@+

Helpmei34 · Answer

Oui je suis entrain de le faire :)

Helpmei34 · Answer

Toujours rien.. Y a quand même tu mieux car il ne fait plus buger l'ordi à la fin du compte rendu...

g!rly · Answer

re,

tu n´arrives pas a poster le rapport?

c:\combofix.txt

@+

Helpmei34 · Answer

Je suis allée dans "exéxuter" pour chercher le rapport et ils me disent qu'ils n'ont rien..

g!rly · Answer

c´est le chemin du fichier
pas a faire dans executer
@+

Helpmei34 · Answer

Sorry je pensais que c'était pareil... Le voici

ComboFix 08-01-23.2 - dior 2008-01-31 17:06:28.6 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.493 [GMT 1:00]
Endroit: C:\Documents and Settings\dior\Bureau\ComboFix.exe
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
C:\WINDOWS\Temp\55303335.exe
C:\WINDOWS\Temp\83446251.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
.

2008-01-25 23:27 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-25 23:27 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-25 23:27 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-01-25 23:27 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-25 23:27 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-25 23:27 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-25 23:27 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-25 23:27 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-24 16:07 . 2008-01-24 16:07 <REP> d-------- C:\Deckard
2008-01-23 19:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 19:18 . 2008-01-23 19:18 <REP> d-------- C:\Program Files\Trend Micro
2008-01-23 13:56 . 2008-01-23 13:56 258,121 --a------ C:\WINDOWS\system32\sysdamp.exe
2008-01-22 21:51 . 2008-01-22 21:51 <REP> d-------- C:\Program Files\Sunbelt Software
2008-01-22 20:38 . 2008-01-22 20:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-22 18:33 . 2008-01-22 18:33 3,072 --a------ C:\WINDOWS\~DFB428.tmp
2008-01-22 16:50 . 2008-01-22 16:50 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-21 20:19 . 2008-01-22 20:31 58,368 --a------ C:\upaq.exe
2008-01-19 16:26 . 2008-01-19 16:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-15 11:51 . 2008-01-15 11:51 <REP> d-------- C:\PagesPro2007
2008-01-05 23:53 . 2008-01-05 23:53 <REP> d-------- C:\Programme
2008-01-05 23:46 . 2008-01-05 23:49 37 --a------ C:\WINDOWS\iltwain.ini
2008-01-05 13:15 . 2008-01-05 13:16 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-30 14:13 . 2007-12-30 14:13 <REP> d-------- C:\Program Files\Ares
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-12-08 11:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-08 11:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 19:06 4,662 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-25 15:39 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-22 17:33 3,072 ----a-w C:\WINDOWS\~DFB428.tmp
2008-01-22 15:37 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-22 15:37 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2007-11-28 16:57 --------- d-----w C:\Program Files\LimeWire
2007-11-28 11:29 --------- d-----w C:\Program Files\uTorrent
2007-11-28 11:19 --------- d-----w C:\Program Files\BitComet
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_19.40.33.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 17:40:38 3,308 ----a-w C:\WINDOWS\bthservsdp.dat
+ 2008-01-30 22:48:19 3,308 ----a-w C:\WINDOWS\bthservsdp.dat
- 2008-01-22 03:53:33 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-24 08:01:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
- 2008-01-22 19:40:04 8,384,512 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-26 19:10:24 8,507,392 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-01-22 19:40:05 372,736 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-26 19:10:24 372,736 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-28 09:58:49 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_740.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]
C:\WINDOWS\system32\iphttphl4.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 10:10 536576]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-11-23 17:18 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 01:14 36975]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 04:05 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 16:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 16:37 217088]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-02 23:58 180269]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 19:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-17 22:00 282624]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 23:25:45 27136]

C:\Documents and Settings\marionette\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 23:25:45 27136]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 23:25:45 27136]

C:\Documents and Settings\dior\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 23:25:45 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 15:37]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - ZDPNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-08-22 15:12:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"

g!rly · Answer

re,

enfin ;-)

Copie le texte ci-dessous :

File::
C:\WINDOWS\~DFB428.tmp
C:\WINDOWS\system32\iphttphl4.dll
C:\upaq.exe

Folder::


Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC7FF7DC-C5F6-D3CA-D1F2-CD9E1FC437EB}]


Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 


Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

Helpmei34 · Answer

Combisfix :

ComboFix 08-01-23.2 - dior 2008-01-31 20:44:53.7 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.541 [GMT 1:00]
Endroit: C:\Documents and Settings\dior\Bureau\ComboFix.exe
Command switches used :: C:\Documents and Settings\dior\Bureau\CFScript.txt
* Création d'un nouveau point de restauration

FILE
C:\upaq.exe
C:\WINDOWS\~DFB428.tmp
C:\WINDOWS\system32\iphttphl4.dll
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\upaq.exe
C:\WINDOWS\~DFB428.tmp
.
---- Previous Run -------
.
C:\WINDOWS\Temp\55303335.exe
C:\WINDOWS\Temp\83446251.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-31 ))))))))))))))))))))))))))))))))))))
.

2008-01-31 20:11 . 2007-12-04 14:04 837,496 --a------ C:\WINDOWS\system32\aswBoot.exe
2008-01-31 20:11 . 2004-01-09 11:13 380,928 --a------ C:\WINDOWS\system32\actskin4.ocx
2008-01-31 20:11 . 2007-12-04 13:54 95,608 --a------ C:\WINDOWS\system32\AVASTSS.scr
2008-01-31 20:11 . 2007-12-04 15:55 94,544 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2008-01-31 20:11 . 2007-12-04 15:56 93,264 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2008-01-31 20:11 . 2007-12-04 15:51 42,912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2008-01-31 20:11 . 2007-12-04 15:49 26,624 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2008-01-31 20:11 . 2007-12-04 15:53 23,152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2008-01-24 16:07 . 2008-01-24 16:07 <REP> d-------- C:\Deckard
2008-01-23 19:33 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\Nircmd.exe
2008-01-23 19:18 . 2008-01-23 19:18 <REP> d-------- C:\Program Files\Trend Micro
2008-01-23 13:56 . 2008-01-23 13:56 258,121 --a------ C:\WINDOWS\system32\sysdamp.exe
2008-01-22 21:51 . 2008-01-22 21:51 <REP> d-------- C:\Program Files\Sunbelt Software
2008-01-22 20:38 . 2008-01-22 20:39 <REP> d-------- C:\WINDOWS\ERUNT
2008-01-22 16:50 . 2008-01-22 16:50 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2008-01-19 16:26 . 2008-01-19 16:26 0 --a------ C:\WINDOWS\nsreg.dat
2008-01-15 11:51 . 2008-01-15 11:51 <REP> d-------- C:\PagesPro2007
2008-01-05 23:53 . 2008-01-05 23:53 <REP> d-------- C:\Programme
2008-01-05 23:46 . 2008-01-05 23:49 37 --a------ C:\WINDOWS\iltwain.ini
2008-01-05 13:15 . 2008-01-05 13:16 <REP> d-------- C:\Program Files\Fichiers communs\Adobe
2007-12-30 14:13 . 2007-12-30 14:13 <REP> d-------- C:\Program Files\Ares
2007-12-14 11:32 . 2007-12-14 11:32 12,632 --a------ C:\WINDOWS\system32\lsdelete.exe
2007-12-08 11:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2007-12-08 11:15 . 2001-08-17 22:02 9,600 --a------ C:\WINDOWS\system32\dllcache\hidusb.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-26 19:06 4,662 ----a-w C:\WINDOWS\system32\drivers\fwdrv.err
2008-01-25 15:39 --------- d-----w C:\Program Files\GIMP-2.0
2008-01-22 15:37 14,336 ----a-w C:\WINDOWS\system32\svchost.exe
2008-01-22 15:37 14,336 ----a-w C:\WINDOWS\system32\dllcache\svchost.exe
2007-11-28 16:57 --------- d-----w C:\Program Files\LimeWire
2007-11-28 11:29 --------- d-----w C:\Program Files\uTorrent
2007-11-28 11:19 --------- d-----w C:\Program Files\BitComet
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-10-30 23:23 3,590,656 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-10-30 17:20 360,064 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2007-10-25 16:43 8,516,608 ----a-w C:\WINDOWS\system32\dllcache\shell32.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\dllcache\wmasf.dll
2007-10-23 16:49 586,752 ----a-w C:\WINDOWS\WLXPGSS.SCR
2007-10-18 10:31 51,224 ----a-w C:\WINDOWS\system32\sirenacm.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\dllcache\wininet.dll
2007-10-10 23:49 671,232 ----a-w C:\WINDOWS\system32\dllcache\mstime.dll
2007-10-10 23:49 63,488 ------w C:\WINDOWS\system32\dllcache\icardie.dll
2007-10-10 23:49 6,065,664 ------w C:\WINDOWS\system32\dllcache\ieframe.dll
2007-10-10 23:49 52,224 ------w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2007-10-10 23:49 478,208 ----a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
2007-10-10 23:49 459,264 ------w C:\WINDOWS\system32\dllcache\msfeeds.dll
2007-10-10 23:49 44,544 ----a-w C:\WINDOWS\system32\dllcache\iernonce.dll
2007-10-10 23:49 384,512 ----a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
2007-10-10 23:49 383,488 ------w C:\WINDOWS\system32\dllcache\ieapfltr.dll
2007-10-10 23:49 27,648 ----a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
2007-10-10 23:49 267,776 ------w C:\WINDOWS\system32\dllcache\iertutil.dll
2007-10-10 23:49 232,960 ----a-w C:\WINDOWS\system32\dllcache\webcheck.dll
2007-10-10 23:49 230,400 ----a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
2007-10-10 23:49 214,528 ----a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
2007-10-10 23:49 193,024 ----a-w C:\WINDOWS\system32\dllcache\msrating.dll
2007-10-10 23:49 153,088 ----a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
2007-10-10 23:49 132,608 ----a-w C:\WINDOWS\system32\dllcache\extmgr.dll
2007-10-10 23:49 124,928 ----a-w C:\WINDOWS\system32\dllcache\advpack.dll
2007-10-10 23:49 105,984 ----a-w C:\WINDOWS\system32\dllcache\url.dll
2007-10-10 23:49 102,400 ----a-w C:\WINDOWS\system32\dllcache\occache.dll
2007-10-10 23:49 1,159,680 ----a-w C:\WINDOWS\system32\dllcache\urlmon.dll
2007-10-10 11:00 70,656 ----a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-10-10 11:00 625,152 ----a-w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-10-10 10:59 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-10-10 05:46 161,792 ----a-w C:\WINDOWS\system32\dllcache\ieakui.dll
2005-05-12 05:36 12,288 ----a-w C:\WINDOWS\Fonts\RandFont.dll
.

((((((((((((((((((((((((((((( snapshot@2008-01-23_19.40.33.57 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-23 17:40:38 3,308 ----a-w C:\WINDOWS\bthservsdp.dat
+ 2008-01-31 19:12:01 3,308 ----a-w C:\WINDOWS\bthservsdp.dat
+ 2000-08-31 07:00:00 163,328 ----a-w C:\WINDOWS\erdnt\Hiv-backup\ERDNT.EXE
+ 2008-01-31 19:44:30 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000001\NTUSER.DAT
+ 2008-01-31 19:44:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000002\UsrClass.dat
+ 2008-01-31 19:44:30 237,568 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000003\NTUSER.DAT
+ 2008-01-31 19:44:30 8,192 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000004\UsrClass.dat
+ 2008-01-31 19:44:31 8,507,392 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000005\NTUSER.DAT
+ 2008-01-31 19:44:31 372,736 ----a-w C:\WINDOWS\erdnt\Hiv-backup\Users\00000006\UsrClass.dat
- 2008-01-22 03:53:33 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
+ 2008-01-24 08:01:35 163,328 ----a-w C:\WINDOWS\ERUNT\SDFIX\ERDNT.EXE
- 2008-01-22 19:40:04 8,384,512 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
+ 2008-01-26 19:10:24 8,507,392 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000001\NTUSER.DAT
- 2008-01-22 19:40:05 372,736 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-26 19:10:24 372,736 ----a-w C:\WINDOWS\ERUNT\SDFIX\Users\00000002\UsrClass.dat
+ 2008-01-31 19:38:42 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_744.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 19:00 15360]
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe" [ ]
"PopUpStopperFreeEdition"="C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe" [2005-03-17 10:10 536576]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-11-23 17:18 962560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [2005-08-27 01:14 36975]
"hpsysdrv"="c:\windows\system\hpsysdrv.exe" [1998-05-07 17:04 52736]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-08-14 04:05 344064]
"AlcxMonitor"="ALCXMNTR.EXE" [2004-09-07 21:47 57344 C:\WINDOWS\ALCXMNTR.EXE]
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe" [2005-06-02 07:35 49152]
"KBD"="C:\HP\KBD\KBD.EXE" [2005-02-03 00:44 61440]
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE" [2005-07-22 22:14 237568]
"PCDrProfiler"="" []
"PS2"="C:\WINDOWS\system32\ps2.exe" [2004-10-25 23:17 90112]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPwuSchd2.exe" [2005-05-12 06:12 49152]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2004-10-08 10:52 221184]
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe" [2005-01-18 16:47 458752]
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe" [2005-01-18 16:37 217088]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2005-01-02 23:58 180269]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-05 19:00 110592 C:\WINDOWS\system32\bthprops.cpl]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-17 22:00 282624]
"SystrayORAHSS"="C:\Program Files\OrangeHSS\Systray\SystrayApp.exe" [ ]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06 40048]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 23:25:45 27136]

C:\Documents and Settings\marionette\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 23:25:45 27136]

C:\Documents and Settings\Default User\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 23:25:45 27136]

C:\Documents and Settings\dior\Menu D‚marrer\Programmes\D‚marrage\
Pin.lnk - C:\hp\bin\CLOAKER.EXE [2005-01-02 23:25:45 27136]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 14:39 294400]

R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-04-26 09:21]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-04-26 09:21]
R3 SG760_XP;SAGEM 802.11g XG760 1211 Driver;C:\WINDOWS\system32\DRIVERS\WlanUZXP.sys [2005-07-13 15:37]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 06:08]
S2 SPF4;Sunbelt Personal Firewall 4;"C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" [2007-04-26 10:21]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
S3 ZDCndis5;ZDCndis5 Protocol Driver;C:\WINDOWS\system32\ZDCndis5.SYS []

*Newly Created Service* - ZDPNDIS5

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{E4066320-E4AE-11CF-B1B0-00AA00BBAD66}]
rundll32.exe advpack.dll,LaunchINFSection %SystemRoot%\INF\fpxpress.inf,PerUserstub
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2006-08-22 15:12:00 C:\WINDOWS\Tasks\Connexion facile à Internet.job"

Helpmei34 · Answer

Hitjack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:02, on 2008-01-31
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

g!rly · Answer

ok

fais ceci :

Scan en ligne bitdefender :

https://www.bitdefender.com/toolbox/

Clicker sur " I agree " et suivre les indications 

A faire imperativement sous internet explorer, en acceptant l´activ x

tutoriel en image en image

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

post le rapport une fois effectué

@+

Helpmei34 · Answer

Le voici:



BitDefender Online Scanner - Real Time Virus Report
	

 
	

 

Generated at: Fri, Feb 01, 2008 - 08:34:43

 
	

 
	

 

Scan Info
	

 
	

 

Scanned Files
	

289333

Infected Files
	

59
	

 
	

 

 
	

 
	

 

Virus Detected
	

 
	

 

Dropped:Trojan.Spy.Delf.NKH
	

1

Backdoor.Sdbot.DFEO
	

11

Trojan.Proxy.Small.GE
	

1

Trojan.Agent.AGOV
	

1

Trojan.Kobcka.BE
	

1

Trojan.DNSChanger.BX
	

38

Trojan.Spy.Delf.NKH
	

2

BehavesLike:Win32.Malware
	

1

Trojan.Downloader.JJLV
	

1

BehavesLike:Win32.ExplorerHijack
	

1

Application.Drivecleaner.L
	

1
	

 
	

 

 
	

 
	

 

 
	

 
	

 

This summary of the scan process will be used by the BitDefender Antivirus Lab to create agregate statistics about virus activity around the world.

g!rly · Answer

salut helpmei34,

tu n´as pas un autre rapport que celui ci,  avec les chemins des fichiers infectés ?

@+

Helpmei34 · Answer

Hello !

Le voici :

BitDefender Online Scanner
	

 
	

 

Scan report generated at: Fri, Feb 01, 2008 - 00:34:51

 
	

 
	

 

Scan path: C:\;D:\;E:\;G:\;H:\;I:\;J:\;
	

 
	

 

 
	

 
	

 

Statistics

Time
	

01:06:54

Files
	

281042

Folders
	

8205

Boot Sectors
	

3

Archives
	

20080

Packed Files
	

20704
	

 
	

 

Results

Identified Viruses
	

10

Infected Files
	

58

Suspect Files
	

1

Warnings
	

0

Disinfected
	

0

Deleted Files
	

59
	

 
	

 

Engines Info

Virus Definitions
	

978461

Engine build
	

AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)

Scan plugins
	

16

Archive plugins
	

41

Unpack plugins
	

7

E-mail plugins
	

6

System plugins
	

5
	

 
	

 

Scan Settings

First Action
	

Disinfect

Second Action
	

Delete

Heuristics
	

Yes

Enable Warnings
	

Yes

Scanned Extensions
	

*;

Exclude Extensions
	

 

Scan Emails
	

Yes

Scan Archives
	

Yes

Scan Packed
	

Yes

Scan Files
	

Yes

Scan Boot
	

Yes
	

 
	

 
 

Scanned File
	

 Status

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/abdlbi.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/abdlbi.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/abdlbi.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/arbvwr.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/arbvwr.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/arbvwr.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/avxfoa.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/avxfoa.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/bblwwm.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/bblwwm.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/bblwwm.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/blxryw.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/blxryw.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/cxbezn.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/cxbezn.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/cxbezn.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/cywsra.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/cywsra.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/dbmbtf.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/dbmbtf.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/dbmbtf.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/ejkrfl.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/ejkrfl.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/ejkrfl.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/eowthx.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/eowthx.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/eowthx.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/faylhf.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/faylhf.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/faylhf.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/fmirqt.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/fmirqt.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/fmirqt.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/iikigm.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/iikigm.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/iikigm.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/jfksri.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/jfksri.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/jnrzhp.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/jnrzhp.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/jnrzhp.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/mlpgqp.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/mlpgqp.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/mlpgqp.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/nqcvyh.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/nqcvyh.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/nqcvyh.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/okntiy.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/okntiy.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/okntiy.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/paghzy.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/paghzy.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/paghzy.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/ptxyqc.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/ptxyqc.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/ptxyqc.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/qwyizr.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/qwyizr.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/qxmszh.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/qxmszh.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/rcrjdm.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/rcrjdm.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/sfflxx.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/sfflxx.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/ttmwsn.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/ttmwsn.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/tvcipj.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/tvcipj.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/tvcipj.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/uitdtn.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/uitdtn.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/vfhxmn.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/vfhxmn.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/vfhxmn.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/wfmqlo.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/wfmqlo.exe
	

Disinfection failed

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/wfmqlo.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/yafadd.exe
	

Infected with: Backdoor.Sdbot.DFEO

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip=>backup/yafadd.exe
	

Deleted

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip
	

Updated

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6DE9GHUD\12345[1].exe
	

Suspected of: BehavesLike:Win32.Malware

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6DE9GHUD\12345[1].exe
	

Disinfection failed

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6DE9GHUD\12345[1].exe
	

Deleted

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip=>backups/ip6fw.sys
	

Infected with: Trojan.Kobcka.BE

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip=>backups/ip6fw.sys
	

Deleted

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip
	

Updated

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip=>backups/services.exe
	

Infected with: Trojan.Downloader.JJLV

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip=>backups/services.exe
	

Deleted

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip
	

Updated

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip=>backups/tuwwp.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip=>backups/tuwwp.exe
	

Disinfection failed

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip=>backups/tuwwp.exe
	

Deleted

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip
	

Updated

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip=>backups/UDC6V_0001_D19M0709NetInstaller.exe
	

Detected with: Application.Drivecleaner.L

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip=>backups/UDC6V_0001_D19M0709NetInstaller.exe
	

Deleted

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip
	

Updated

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\51MS498L\mutex_n1_21_01_08_0[1].exe
	

Infected with: BehavesLike:Win32.ExplorerHijack

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\51MS498L\mutex_n1_21_01_08_0[1].exe
	

Disinfection failed

C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\51MS498L\mutex_n1_21_01_08_0[1].exe
	

Deleted

C:\Program Files\Mozilla Firefox\azkawy.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Program Files\Mozilla Firefox\azkawy.exe
	

Disinfection failed

C:\Program Files\Mozilla Firefox\azkawy.exe
	

Deleted

C:\Program Files\Mozilla Firefox\cpjfhm.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Program Files\Mozilla Firefox\cpjfhm.exe
	

Disinfection failed

C:\Program Files\Mozilla Firefox\cpjfhm.exe
	

Deleted

C:\Program Files\Mozilla Firefox\ehiivc.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Program Files\Mozilla Firefox\ehiivc.exe
	

Disinfection failed

C:\Program Files\Mozilla Firefox\ehiivc.exe
	

Deleted

C:\Program Files\Mozilla Firefox\havrns.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Program Files\Mozilla Firefox\havrns.exe
	

Disinfection failed

C:\Program Files\Mozilla Firefox\havrns.exe
	

Deleted

C:\Program Files\Mozilla Firefox\iwsxod.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Program Files\Mozilla Firefox\iwsxod.exe
	

Disinfection failed

C:\Program Files\Mozilla Firefox\iwsxod.exe
	

Deleted

C:\Program Files\Mozilla Firefox
fwidj.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Program Files\Mozilla Firefox
fwidj.exe
	

Disinfection failed

C:\Program Files\Mozilla Firefox
fwidj.exe
	

Deleted

C:\Program Files\Mozilla Firefoxxsgvp.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Program Files\Mozilla Firefoxxsgvp.exe
	

Disinfection failed

C:\Program Files\Mozilla Firefoxxsgvp.exe
	

Deleted

C:\Program Files\Mozilla Firefox	qujjv.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Program Files\Mozilla Firefox	qujjv.exe
	

Disinfection failed

C:\Program Files\Mozilla Firefox	qujjv.exe
	

Deleted

C:\Program Files\Mozilla Firefox\woudxv.exe
	

Infected with: Trojan.DNSChanger.BX

C:\Program Files\Mozilla Firefox\woudxv.exe
	

Disinfection failed

C:\Program Files\Mozilla Firefox\woudxv.exe
	

Deleted

C:\RECYCLER\S-1-5-21-96136351-312652844-1381540919-1009\Dc2957.dll
	

Infected with: Trojan.Spy.Delf.NKH

C:\RECYCLER\S-1-5-21-96136351-312652844-1381540919-1009\Dc2957.dll
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP438\A0113133.com
	

Infected with: Trojan.Agent.AGOV

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP438\A0113133.com
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120792.exe
	

Infected with: Trojan.DNSChanger.BX

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120792.exe
	

Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120792.exe
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120793.exe
	

Infected with: Trojan.DNSChanger.BX

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120793.exe
	

Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120793.exe
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120794.exe
	

Infected with: Trojan.DNSChanger.BX

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120794.exe
	

Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120794.exe
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120795.exe
	

Infected with: Trojan.DNSChanger.BX

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120795.exe
	

Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120795.exe
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120796.exe
	

Infected with: Trojan.DNSChanger.BX

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120796.exe
	

Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120796.exe
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120797.exe
	

Infected with: Trojan.DNSChanger.BX

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120797.exe
	

Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120797.exe
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120798.exe
	

Infected with: Trojan.DNSChanger.BX

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120798.exe
	

Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120798.exe
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120799.exe
	

Infected with: Trojan.DNSChanger.BX

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120799.exe
	

Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120799.exe
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120800.exe
	

Infected with: Trojan.DNSChanger.BX

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120800.exe
	

Disinfection failed

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120800.exe
	

Deleted

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120801.dll
	

Infected with: Trojan.Spy.Delf.NKH

C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120801.dll
	

Deleted

C:\WINDOWS\system32\sysdamp.exe
	

Infected with: Dropped:Trojan.Spy.Delf.NKH

C:\WINDOWS\system32\sysdamp.exe
	

Disinfection failed

C:\WINDOWS\system32\sysdamp.exe
	

Deleted

C:\_OTMoveIt\MovedFiles\bhij.exe
	

Infected with: Trojan.Proxy.Small.GE

C:\_OTMoveIt\MovedFiles\bhij.exe
	

Deleted

g!rly · Answer

salut helpmei34,

ok pour le rapport :

supprime msnfix, sdfix, ot_move it ainsi que leurs quarantaines.

puis

refais un scan en ligne ici :

Fais un scan en ligne Kaspersky avec Internet Explorer :
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
-> Click sur Démarrer Online-Scanner
-> Click maintenant sur J'accepte.
-> Valide l'installation d'un ou de plusieurs ActiveX si c'est nécessaire.
-> Patiente pendant l'installation des Mises à jour.
-> Choisis par la suite l'analyse du Poste de travail.
-> Sauvegarde puis colle le rapport généré en fin d'analyse.

@+

Helpmei34 · Answer

Hello !

Je les supprime que sur le bureau où il faut que j'aille dans le C:\ ?

Helpmei34 · Answer

Quand je clic sur 'accepter' rien ne se passe...

g!rly · Answer

re,

supprime ceci :

C:\Documents and Settings\marionette\Mes documents\LOGICIEL\SDFix\backups\backups.zip

+ sdfix si il est sur ton bureau 

C:\Documents and Settings\dior\Bureau\MSNFix\MSNFix\22012008_22184426.zip

+ msnfix sur ton bureau 

C:\_OTMoveIt\MovedFiles

+ ot_move it sur ton bureau 

pour kaspersky: fais le bien sous internet explorer

Quand je clic sur 'accepter' rien ne se passe...

ca doit etre a cause de l´activ x

activ x :

As tu accepter les activ X ?

   si non vérifie comme ceci :

-> menu : 
  
  "Outils" ->

  "Options Internet" d'Internet Explorer :

   dans l'onglet "Sécurité", places toi sur la zone "Internet" et clique sur "Valeurs par défaut".

   dans onglet "Avancé" clique aussi sur "Valeurs par défaut".

-> Vérifie également que les activ X sont bien paramétrés comme ceci :

   http://membres.lycos.fr/dude2005/reglages/activex_scan.png

-> Reconnecte-toi sur le site  https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr tu verras qu'avant de télécharger l'activ X,

   au dessus dans la barre de Internet Explorer, il faut l'autoriser.

@+

Helpmei34 · Answer

Où est ce que je trouve le rapport ? car le scan s'est enfin fini mais j'ai aucun lien vers un rapport ?..

g!rly · Answer

re,

tu n´as pas sauvegardé le rapport?

car il a du l´affiché...

@+

Helpmei34 · Answer

Je n'étais pas sur l'ordi car ça a prit 3h30 pour qu'il se fasse. Quand je suis revenue il y avait seulement écrit "terminé". je suis entrain de le refaire...

Parcontre j'ai un ENORME problème : Ma connexion n'arrête pas de se déconnecter et de se connecter au moins 10 fois à la minute... Helpe me !!!!!!!!!! svp

g!rly · Answer

re,

oui c´est bien dommage que tu n´est pas eu le rapport

fais ceci avant de relancer kaspersky.

Télécharge FixWareout d'un de ces deux sites sur le bureau:

   http://downloads.subratam.org/Fixwareout.exe
   http://swandog46.geekstogo.com/Fixwareout.exe

-> Lance le fix : clique sur Next, puis Install, puis assure toi que "Run fixit" est activé puis click sur Finish.
   Le fix va commencer, suis les messages à l'écran. Il te sera demandé de redémarrer ton ordinateur, fais le. Ton système mettra un peu plus de temps au démarrage, c'est normal.

-> Poste (Copie/colle) le contenu du rapport qui va s'afficher à l'écran (report.txt)

nb:
Si et seulement si il y a des difficultés de connexion après cette manip: (sinon tu ne t'occupe pas de ce qui suit et tu passe à l'étape suivante)
Démarrer > Panneau de configuration > Connexions réseau
Faire un clic droit sur ta connexion par défaut, nommée en général "Connexion au réseau local" ou "Accès à distance" et clic sur propriétés.
Clic sur l'onglet 'Gestion de réseau'
Double clic sur 'Protocole Internet (TCP/IP)' et selectionne 'Obtenir les adresses des serveurs DNS automatiquement'.
Clique deux fois sur OK, et redémarre l'ordinateur.

@+

Helpmei34 · Answer

Le voici le report.txt

Username "dior" - 2008-02-05  0:46:45 [Fixwareout edited 9/01/2007]

~~~~~ Prerun check

Cache de résolution DNS vidé.


System was rebooted successfully. 
 
~~~~~ Postrun check 
HKLM\SOFTWARE\~\Winlogon\ "System"="" 
....
....
~~~~~ Misc files. 
....
~~~~~ Checking for older varients.
....

~~~~~ Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe"
"hpsysdrv"="c:\windows\system\hpsysdrv.exe"
"ATIPTA"="\"C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe\""
"AlcxMonitor"="ALCXMNTR.EXE"
"HPHUPD08"="c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe"
"KBD"="C:\HP\KBD\KBD.EXE"
"Recguard"="C:\WINDOWS\SMINST\RECGUARD.EXE"
"PCDrProfiler"=""
"PS2"="C:\WINDOWS\system32\ps2.exe"
"HP Software Update"=hex(2):43,3a,5c,50,72,6f,67,72,61,6d,20,46,69,6c,65,73,5c,\
48,50,5c,48,50,20,53,6f,66,74,77,61,72,65,20,55,70,64,61,74,65,5c,48,50,77,\
75,53,63,68,64,32,2e,65,78,65,00
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\Program Files\Logitech\Video\ISStart.exe "
"LogitechVideoTray"="C:\Program Files\Logitech\Video\LogiTray.exe"
"TkBellExe"="\"C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe\"  -osboot"
"BluetoothAuthenticationAgent"="rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent"
"QuickTime Task"="\"C:\Program Files\QuickTime\qttask.exe\" -atboottime"
"SystrayORAHSS"="\"C:\Program Files\OrangeHSS\Systray\SystrayApp.exe\""
"Adobe Reader Speed Launcher"="\"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe\""
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe"
"Free Download Manager"="C:\Program Files\Free Download Manager\fdm.exe -autorun"
"PopUpStopperFreeEdition"="\"C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe\""
"ares"="\"C:\Program Files\Ares\Ares.exe\" -h"
....
Hosts file was reset, If you use a custom hosts file please replace it...
~~~~~ End report ~~~~~

g!rly · Answer

ok merci 

ta connection va mieux?

@+

Helpmei34 · Answer

Elle ne s'est pas déconnectée depuis que j'ai rallumé l'ordi... J'espère que ca va durer MERCI :)

Sais tu de quoi ca venait ?

Helpmei34 · Answer

Ca vient de le refaire... ggrr!!

g!rly · Answer

bon, 

j´espere voir le rapport de kaspersky...

bonne nuit

@+

Helpmei34 · Answer

Concernant la 2ème manip' pour la connexion, la case que tu m'as demandé de cocher était déja cochée...

Je fais le scan et te le poste...

Bonne nuit

Helpmei34 · Answer

Alors là je n'y comprends rien ! J'ai attendu que le scan se termine et une fois fini : Pas de rapport... !! Ca me dit que j'ai 4 virus et 62 fichiers infectés et c'est tout...

g!rly · Answer

salut helpmei34, 

c´est encore tres embetant que tu ne puisse pas me montrer de rapport...

fais ceci :

nettoie tes fichiers temporaires avec ceci : atf cleaner, regarde le tuto...

http://www.infosecu.fr/atf.html

telecharge le ici :

http://serveur1.archive-host.com/membres/up/1366464061/ATF-Cleaner.rar

puis avec celui ci :

->Clean Up 40:

http://pageperso.aol.fr/balltrap34/CleanUp40.exe

->aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm

click sur option et décoche la case devant : delete prefect files

vide le manuellement :

:: Le contenu du dossier prefetch ::

* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

* Ne pas oublier de vider la corbeille !

puis 

Telecharge Winpfind3u.exe sur ton bureau :

-> http://sd-1.archive-host.com/membres/up/1366464061/winpfind3u.exe

Cré un dossier sur ton bureau appelé par exemple win.

Double click sur le fichier zip Winpfind3u.exe dans la petite boite qui va s´ouvrir click en haut sur extract to et choisie dans la liste deroulante ton dossier win. et appuie alors sur le bouton extract (a gauche).

Redemarre en mode sans echec :

Comment redémarrer en mode sans echec? 

   Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

Ouvre le dossier WinPFind3u et double click sur WinPFind3U.exe pour demarrer le programme

Réglages :

¤ Sous processus ¤

Coche la case : "Non-Microsoft"

¤ Sous win32 services ¤

Coche la case : "Non-Microsoft"

¤ Sous Driver Services group ¤

Coche la case : "Non-Microsoft"

¤ Sous Registry ¤

Coche la case : "Non-Microsoft"

¤ Sous Files/Folders Created Within ¤

COche la case : "30 days" et assure toi que la case "Non-Microsoft only" est bien cochée

¤ Sous Files/Folders Modified Within ¤

COche la case : "30 days" et assure toi que la case "Non-Microsoft only" est bien cochée

¤ Sous File String Search ¤

Coche la case : "Non-Microsoft"

Sur la partie de droite concernant les actions aditionelles au scan :

Décoche la case "Non-Microsoft only"

Et click sur le bouton "Select all"

Mintenant il est temps de scanner :

Appuie sur le boutont en haut a gauche "Run scan"

Le scan va alors demarrer, il va scanner un nombre important de fichiers alors dépendant du nombre de fichiers contenus dans ton pc, il sera plus ou moins long...

Laisse le travailler jusqu´au bout sans interruption.

Une fois le scan terminé, un rapport va s´afficher dans le bloc note, sauvegarde le de facon a le retrouver une fois avoir redemarré en mode normal.

Redemarre en mode normal et post le rapport ici

Helpmei34 · Answer

Le rapport est extrement long... 74p....Je poste tout ici ?...

g!rly · Answer

salut Helpmei34,

A vrai dire je voulais tester ce logiciel, mais j´ai du faire une erreure dans les reglages que je t´ai indiqués...

Je suis desolé pour la perte de temps occasionnée, mais comme tu l´as compris, 74 pages c´est beaucoups...

Tu peux supprimer Winpfind3u.exe et le rapport.

Regarde ceci concernant avast :

antivir vs avast :

-> http://forum.malekal.com/ftopic3528.php

alors je te conseille de le desinstaller et d´installer antivir a la place

Telecharge et instal l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

http://mickael.barroux.free.fr/securite/antivir.php 
http://speedweb1.free.fr/frames2.php?page=tuto5
<- tutoriel configuration du scanner...

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes : 
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

A pres avoir installé Antivir, fais un scan complet de ta machine avec les reglages que je t´ai stipulés si dessus et post le rapport ici 

@+

Helpmei34 · Answer

Salut,

Il me semblait bien, c'était bizarre mais c'est pas grave :)


Quant à l'antivirus, j'ai déja essayé de le changer oour antivir car j'ai beaucoup entendu qu'il est bcp mieux que avast mais lorsque je l'intalle ca me dit qu'il est périmé... je vais réessayer avec ton lien...

Helpmei34 · Answer

Voici le rapport Antivir : AntiVir PersonalEdition Classic Report file date: 2008-02-08 11:33 Scanning for 1096091 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: NOM-EB85C523610 Version information: BUILD.DAT : 270 15603 Bytes 2007-09-19 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 2007-08-23 13:16:29 AVSCAN.DLL : 7.0.6.0 49192 Bytes 2007-08-16 12:23:51 LUKE.DLL : 7.0.5.3 147496 Bytes 2007-08-14 15:32:47 LUKERES.DLL : 7.0.6.1 10280 Bytes 2007-08-21 12:35:20 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 2007-07-18 14:27:15 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 2007-12-14 10:21:27 ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 2008-01-25 10:21:27 ANTIVIR3.VDF : 7.0.2.109 354816 Bytes 2008-02-08 10:21:27 AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 2008-02-08 10:21:28 AVWINLL.DLL : 1.0.0.7 14376 Bytes 2007-02-26 10:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 2007-07-18 07:39:17 AVREP.DLL : 7.0.0.1 155688 Bytes 2007-04-16 13:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 2008-02-08 10:21:28 AVREG.DLL : 7.0.1.6 30760 Bytes 2007-07-18 07:17:06 AVARKT.DLL : 1.0.0.20 278568 Bytes 2007-08-28 12:26:33 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 2007-07-18 07:10:18 NETNT.DLL : 7.0.0.0 7720 Bytes 2007-03-08 11:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 2007-08-07 12:38:13 RCTEXT.DLL : 7.0.62.0 86056 Bytes 2007-08-21 12:50:37 SQLITE3.DLL : 3.3.17.1 339968 Bytes 2007-07-23 09:37:21 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: D:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Macro heuristic..................: on File heuristic...................: high Start of the scan: 2008-02-08 11:33 Starting search for hidden objects. '65506' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'searchfilterhost.exe' - '1' Module(s) have been scanned Scan process 'searchprotocolhost.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'WINWORD.EXE' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'hpqste08.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'WindowsSearch.exe' - '1' Module(s) have been scanned Scan process 'hpqtra08.exe' - '1' Module(s) have been scanned Scan process 'searchindexer.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'FxSvr2.exe' - '1' Module(s) have been scanned Scan process 'Ares.exe' - '1' Module(s) have been scanned Scan process 'PSFree.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'qttask.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'LogiTray.exe' - '1' Module(s) have been scanned Scan process 'LVCOMSX.EXE' - '1' Module(s) have been scanned Scan process 'hpwuSchd2.exe' - '1' Module(s) have been scanned Scan process 'kbd.exe' - '1' Module(s) have been scanned Scan process 'ALCXMNTR.EXE' - '1' Module(s) have been scanned Scan process 'atiptaxx.exe' - '1' Module(s) have been scanned Scan process 'hpsysdrv.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'aawservice.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 51 processes with 51 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Master boot sector HD1 [NOTE] No virus was found! Master boot sector HD2 [NOTE] No virus was found! [WARNING] The boot sector file could not be read! [WARNING] Error code: 0x0015 Master boot sector HD3 [NOTE] No virus was found! [WARNING] The boot sector file could not be read! [WARNING] Error code: 0x0015 Master boot sector HD4 [NOTE] No virus was found! [WARNING] The boot sector file could not be read! [WARNING] Error code: 0x0015 Master boot sector HD5 [NOTE] No virus was found! [WARNING] The boot sector file could not be read! [WARNING] Error code: 0x0015 Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'D:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '53' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\0174F6BA.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e331b1.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\07103065.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd31bb.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\08198692.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was deleted! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\09F0702A.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was deleted! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\0B023CE4.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dc31d4.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\0B575794.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was renamed to '0B575794.exe.VIR'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\10352F24.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47df31df.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\11AB551D.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ed31e1.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\169447C5.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e531e6.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\1709259E.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dc31e7.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\19C2CF95.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ef31ea.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\22C5711C.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ef31e3.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\24FB0BFD.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f231e5.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\252703B4.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47de31e6.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\2A4B097A.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e031f3.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\2B3E09BE.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47df31f4.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\4AA3FB0C.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ed31f3.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\4B99787E.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e531f5.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\5092188A.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e531e3.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\51BE177F.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ee31e5.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\54F5765D.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f231e8.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\56F88D2F.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f231eb.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\571C2DCC.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd31ec.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\5F2A63C4.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47de31fb.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\6689FBB0.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e431ec.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\691CB283.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd31ef.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\6BDC0936.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f031f8.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\6E2ABA76.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47de31fc.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\821D4C79.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd31e9.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\8E1A1C73.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd31fc.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\9DAB94F7.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ed31fc.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\9EF053E7.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f231fd.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\A421BFCC.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47de31ed.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\A5ADD5EC.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ed31ee.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\A8FD263C.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f231f1.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\AD0BC537.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dc31fe.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\B10BA732.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dc31eb.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\B200D6C8.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dc31ec.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\B9A9C96D.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ed31f4.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\BAD543EF.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f031fc.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\BEA7F9A5.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ed3200.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\C156C261.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e131ed.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\C2DC0F37.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f031ee.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\D06B2DFB.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e231ec.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\D3E408E0.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f131f0.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\DD134312.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd3201.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\ECB4AC39.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47ee3200.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\ECE18646.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f13200.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\ED3CC5DB.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47df3202.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\EFF67D8B.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47f23204.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\F0839843.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e431ef.qua'! C:\Deckard\System Scanner\20080127210749\backup\WINDOWS emp\F44B6347.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '46409fc4.qua'! C:\Documents and Settings\dior\Mes documents\Downloads\VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD.rar [0] Archive type: RAR --> VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD\keygen.exe [DETECTION] Contains suspicious code HEUR/Crypted [INFO] The file was moved to '481e330f.qua'! C:\Documents and Settings\dior\Mes documents\Musik\Luciano_Pavarotti_gets_pranked.wma [DETECTION] Is the Trojan horse TR/Wimad.A.Gen [INFO] The file was moved to '480f333a.qua'! C:\Program Files\TBONBin bon.exe [DETECTION] Contains suspicious code HEUR/Crypted [INFO] The file was moved to '481b3921.qua'! C:\QooBox\Quarantine\catchme2008-01-31_170256.12.zip [0] Archive type: ZIP --> ztx86.sys [DETECTION] Is the Trojan horse TR/Rootkit.Gen --> astq.tga [DETECTION] Is the Trojan horse TR/Rootkit.Gen [INFO] The file was moved to '4820396d.qua'! C:\QooBox\Quarantine\C\upaq.exe.vir [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was moved to '480d397d.qua'! C:\QooBox\Quarantine\C\WINDOWS\Temp\55303335.exe.vir [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47df3942.qua'! C:\QooBox\Quarantine\C\WINDOWS\Temp\83446251.exe.vir [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47e03940.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP439\A0115671.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was moved to '47dd3964.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120756.exe [DETECTION] Is the Trojan horse TR/Crypt.XPACK.Gen [INFO] The file was moved to '47dd398d.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP448\A0120803.exe [DETECTION] Contains a detection pattern of the (dangerous) backdoor program BDS/Small.Crw.1 Backdoor server programs [INFO] The file was moved to '47dd398e.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP450\A0120966.exe [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen [INFO] The file was moved to '47dd3999.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP450\A0120967.exe [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen [INFO] The file was moved to '47dd399a.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP450\A0120968.exe [DETECTION] Is the Trojan horse TR/Delphi.Downloader.Gen [INFO] The file was moved to '4640a403.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122819.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39bd.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122820.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39be.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122821.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a427.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122822.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39b0.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122823.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39bf.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122824.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a458.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122825.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c1.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122826.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c0.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122827.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a459.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122828.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c2.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122829.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a45b.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122830.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a45a.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122831.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c3.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122832.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a45c.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122833.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c4.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122834.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a45d.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122835.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c6.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122836.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a45f.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122837.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c5.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122838.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a45e.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122839.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c7.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122840.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39f8.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122841.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a461.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122842.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39fa.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122843.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a450.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122844.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c9.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122845.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a452.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122846.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a463.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122847.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39fc.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122848.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a465.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122849.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39cb.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122850.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a454.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122851.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39cd.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122852.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a456.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122853.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39c8.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122854.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a451.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122855.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39ca.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122856.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39cf.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122857.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a448.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122858.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39d1.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122859.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a44a.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122860.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a453.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122861.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39cc.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122862.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a455.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122863.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39d3.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122864.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a44c.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122865.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39d5.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122866.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39ce.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122867.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a457.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122868.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '47dd39fe.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122869.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a467.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122870.exe [DETECTION] Is the Trojan horse TR/Agent.131072.D.2 [INFO] The file was moved to '4640a44e.qua'! C:\System Volume Information\_restore{F75EEC69-6E97-419B-93B4-6A3A275301C4}\RP452\A0122873.exe [DETECTION] Contains suspicious code HEUR/Crypted [INFO] The file was moved to '47dd39d7.qua'! Begin scan in 'D:\' End of the scan: 2008-02-08 12:37 Used time: 1:04:03 min The scan has been done completely. 8119 Scanning directories 359482 Files were scanned 116 viruses and/or unwanted programs were found 3 Files were classified as suspicious: 2 files were deleted 0 files were repaired 115 files were moved to quarantine 1 files were renamed 2 Files cannot be scanned 359366 Files not concerned 13714 Archives were scanned 2 Warnings 25 Notes 65506 Objects were scanned with rootkit scan 0 Hidden objects were found

g!rly · Answer

Re,

bon c´est pas mal du tout, en faite tout ou presque tout ce que antivir a détécté ce sont des fichiers soit dans la quarantaine des outils que nous avons utilisés ou soit les outils eux memes.

en realité voici les fichiers infectés :

C:\Documents and Settings\dior\Mes documents\Downloads\VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD .rar
VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD\keygen.exe
C:\Documents and Settings\dior\Mes documents\Musik\Luciano_Pavarotti_gets_pranked.wma
C:\Program Files\TBONBin	bon.exe

Supprime ce programme -> C:\Program Files\TBONBin

Vide la quarantaine d´antivir.

Tu telecharge avec quoi comme programme p2p?

post un nouveau hijack this stp

@+

Helpmei34 · Answer

Re,

C:\Documents and Settings\dior\Mes documents\Downloads\VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD .rar
VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD\keygen.exe
C:\Documents and Settings\dior\Mes documents\Musik\Luciano_Pavarotti_gets_pranked.wma
C:\Program Files\TBONBin	bon.exe

Je dois aller effacer ca ?

Mon p2p c'est ares mais je change souvent, j'ai aussi utorrent

Hitjack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:34, on 2008-02-08
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\ALCXMNTR.EXE
C:\HP\KBD\KBD.EXE
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
c:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\PhotoFiltre.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.orange.fr/portail
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\OrangeHSS\SearchURLHook\SearchPageURL.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SystrayORAHSS] "C:\Program Files\OrangeHSS\Systray\SystrayApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [PopUpStopperFreeEdition] "C:\PROGRA~1\PANICW~1\POP-UP~1\PSFree.exe"
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - S-1-5-18 Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'SYSTEM')
O4 - .DEFAULT Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - .DEFAULT User Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE (User 'Default user')
O4 - Startup: Pin.lnk = C:\hp\bin\CLOAKER.EXE
O4 - Global Startup: ffdshow
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin
pjpi150_05.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Aide à la connexion - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe

g!rly · Answer

Re,

C:\Documents and Settings\dior\Mes documents\Downloads\VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD .rar
VirtualCamera.v1.0.1.1.Final.Multilanguage.WinALL.Incl.Keygen-BLiZZARD\keygen.exe
C:\Documents and Settings\dior\Mes documents\Musik\Luciano_Pavarotti_gets_pranked.wma
C:\Program Files\TBONBin	bon.exe

Je dois aller effacer ca ? 

non.

Supprime ce programme -> C:\Program Files\TBONBin 

Je ne connait pas ces programme de p2p mais vu ce que tu en recolte, c´est pas terrible!!!

car les fichiers au dessus trouvés par antivir proviennent de la bas...

je serait toi je ferais vraiment gaffe.

fais ceci :

appuie simultanement sur la touche windows a droit de la barre d´espace (drapeau windows) et sur "e" ->une fois dans le post de travail click sur le disk c > program files >java ouvre le fichier java et click sur le fichier jre1.5.0_05 pour l´ouvrir puis ouvre le fichier bin et dedans tu recherche ceci : jucheck.exe tu double click dessus et effectue la mise a jour de java> tu veux la version 1.6.0_03
une fois la mise a jour effectuée tu va dans ajoute/suppression de program et tu supprime toutes les autres update de java, il ne doit te rester que celle que tu viens de faire : 1.6.0_03 

puis 

Ccleaner:

-> Télécharge Ccleaner (n'installe pas la barre d'outil Yahoo):

   http://www.commentcamarche.net/telecharger/telechargement 168 ccleaner

-> L´installer.

-> Une fois installé et lancé :

   Dans la colonne de gauche, click sur :

   ->"erreurs" :

      Coches toutes les cases sous"l´integrité du registre", puis click en bas sur "chercher des erreurs" une fois terminé, clic sur "reparer les erreurs", tu auras un message pour sauvegarder ta base de registre, tu click "oui" puis tu recommence jusqu'à ce qu'il ne trouve plus rien.
      
      ps : les sauvegardes que tu auras faites, pourront etre supprimées ulterieurement si tout va bien.

   ->"nettoyeur"
   
      quitte ton navigateur avant de le lancer, dans les propriétés du nettoyeur de l´onglet "windows" et "applications"décoche la derniere case (Avancé si elle est cochée) puis click sur "lancer le nettoyage" qunand il aura terminé le scan click en bas a droite sur "lancer le nettoyage" et accepte par oui.

-> Tutoriel en image :

   https://www.vulgarisation-informatique.com/nettoyer-windows-ccleaner.php

-> Pour ceux qui voudraient aller plus loin en compagnie de jesses (fonctions avancés) :

   http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm 

puis un ultime scan :

j´aimerais que tu le fasse en mode sans echec 

Comment redémarrer en mode sans echec? 

   Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

A.V.G : telecharge le programme avant d´aller en mode sans echec et mets le a jour

-> Télécharger AVG Anti-Spyware (ewido)

   http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
   
   p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

   http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

   choisir d´abord l'onglet "paramètres".
   
   sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici. 

-> Une aide en image au cas ou :

   Tutoriel d´installation et de parametrages :

   http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html   

redemarre normalement et post le rapport ici stp

@+

Helpmei34 · Answer

vOICI LE RAPPORT

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	20:02 2008-02-08

 + Résultat de l'analyse:	



:mozilla.123:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.174:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.175:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.176:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.177:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.180:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.97:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.2o7 : Aucune action entreprise.
:mozilla.32:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Adobe : Aucune action entreprise.
:mozilla.170:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.171:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.163:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.168:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.179:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.181:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.8:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.9:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Advertising : Aucune action entreprise.
:mozilla.165:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.157:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.74:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Burstnet : Aucune action entreprise.
:mozilla.144:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.145:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.146:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.147:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Casinotropez : Aucune action entreprise.
:mozilla.156:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.7:C:\Documents and Settings\dior\Application Data\Mozilla\Firefox\Profiles\1rsecd5t.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.75:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Estat : Aucune action entreprise.
:mozilla.148:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Fastclick : Aucune action entreprise.
:mozilla.140:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.141:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Imrworldwide : Aucune action entreprise.
:mozilla.65:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
:mozilla.6:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Realmedia : Aucune action entreprise.
:mozilla.22:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Revenue : Aucune action entreprise.
:mozilla.23:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.24:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.25:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.26:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
:mozilla.105:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.106:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Sitestat : Aucune action entreprise.
:mozilla.10:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.8:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.9:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.34:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.35:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Statcounter : Aucune action entreprise.
:mozilla.41:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Statistik-gallup : Aucune action entreprise.
:mozilla.43:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Targetnet : Aucune action entreprise.
:mozilla.36:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.57:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Trafic : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
:mozilla.42:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.46:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Yadro : Aucune action entreprise.
:mozilla.47:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Yadro : Aucune action entreprise.
:mozilla.172:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.173:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.
:mozilla.30:C:\Documents and Settings\marionette\Application Data\Mozilla\Firefox\Profiles\90vx54yy.default\cookies.txt -> TrackingCookie.Zedo : Aucune action entreprise.
C:\Deckard\System Scanner\20080127210749\backup\WINDOWS	emp\0B575794.exe.VIR -> Trojan.Agent.eeu : Aucune action entreprise.


Fin du rapport

g!rly · Answer

re,

tu as supprimé tous ce que avg a trouvé? car la c´est mentionné "aucune action entreprise...

fais ceci :

refarde ce site / tutorial de Malekal pour mettre ta console java a jour, tu as la version jre1.5.0_05 et tu veux la version 1.6.0_03

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

click sur demarrer / executer tape sc stop FTRTSVC puis valide par ok

demarrer/ executer tape sc delete FTRTSVC puis valide par ok"

(respect les espaces )

a l´aide de hijack this coche et fix les lignes suivantes :
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom SA - C:\PROGRA~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe ( si toujour present )

puis 

Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique.

et en fin :

Télécharge ToolsCleaner sur ton bureau.
--> http://www.commentcamarche.net/telecharger/telechargement 34055291 toolsclean(...)
# Clique sur Recherche et laisse le scan agir ...
# Clique sur Suppression pour finaliser.
# Tu peux, si tu le souhaites, te servir des Options facultatives.
# Clique sur Quitter pour obtenir le rapport.
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

@+

Helpmei34 · Answer

Salut,

Version Java ok

04 fixé mais pas le 023 car introuvable

Rapport TCleaner.txt

-->- Recherche: 

C:\FixWareOut: trouvé !
C:\Combofix: trouvé !
C:\!Killbox: trouvé !
C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: trouvé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: trouvé !
C:\Documents and Settings\dior\Bureau\Dss.exe: trouvé !
C:\Documents and Settings\dior\Bureau\HijackThis.lnk: trouvé !
C:\Documents and Settings\dior\Bureau\FixWareout.exe: trouvé !
C:\Documents and Settings\dior\Bureau\KillBox.exe: trouvé !
C:\Documents and Settings\dior\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\dior\Bureau\HJTInstall.exe: trouvé !
C:\Documents and Settings\dior\Bureau\DiagHelp: trouvé !
C:\Documents and Settings\dior\Bureau\DiagHelp	ar.exe: trouvé !
C:\Documents and Settings\dior\Bureau\DiagHelp\LFiles.exe: trouvé !
C:\Documents and Settings\dior\Bureau\DiagHelp\gzip.exe: trouvé !
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\HijackThis.exe: trouvé !
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\WIN\Winpfind3u.exe: trouvé !
C:\Program Files\Trend Micro\HijackThis: trouvé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis\HijackThis.lnk: supprimé !
C:\Documents and Settings\dior\Bureau\Dss.exe: supprimé !
C:\Documents and Settings\dior\Bureau\HijackThis.lnk: supprimé !
C:\Documents and Settings\dior\Bureau\FixWareout.exe: supprimé !
C:\Documents and Settings\dior\Bureau\KillBox.exe: supprimé !
C:\Documents and Settings\dior\Bureau\ComboFix.exe: supprimé !
C:\Documents and Settings\dior\Bureau\HJTInstall.exe: supprimé !
C:\Documents and Settings\dior\Bureau\DiagHelp	ar.exe: supprimé !
C:\Documents and Settings\dior\Bureau\DiagHelp\LFiles.exe: supprimé !
C:\Documents and Settings\dior\Bureau\DiagHelp\gzip.exe: supprimé !
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\HijackThis.exe: supprimé !
C:\Documents and Settings\marionette\Mes documents\LOGICIEL\WIN\Winpfind3u.exe: supprimé !
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe: supprimé !
C:\FixWareOut: supprimé !
C:\Combofix: supprimé !
C:\!Killbox: supprimé !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\HijackThis: supprimé !
C:\Documents and Settings\dior\Bureau\DiagHelp: supprimé !
C:\Program Files\Trend Micro\HijackThis: supprimé !

Restauration annulée !
Corbeille vidée!
Fichiers temporaires nettoyés !

g!rly · Answer

Salut, 

Comment va ton pc?

@+

Helpmei34 · Answer

Il va bien. Sauf quelques problèmes de connexions ..

C'est fini, j'ai plus de virus ?!

g!rly · Answer

Salut, 

Pour moi c´est ok

c´est quels genre de problemes pour la connection  ?

va faire un tour dans le journale des evenements et regarde si tu as des erreures ariivées au moment de tes problemes de connection.

https://www.pcastuces.com/pratique/windows/xp/default.htm

dis moi quoi

@+

Helpmei34 · Answer

Merci beaucoup en tout cas pour l'aide que tu m'as apporté ! C'est vraiment sympa d'avoir consacré du temps à m'aider !

Pour la connexion, j'ouvre un autre sujet ou pas ?

g!rly · Answer

Salut,

De rien ;-)

Pour la connection tu as regardé dans le journal des evenements?

@+

Helpmei34 · Answer

Oui mais comme je ne suis pas chez moi, je regarderai ce soir...

Je te tiens au courant

g!rly · Answer

ok

@+

Helpmei34 · Answer

En fait il y a des points d'exclamations dans des triangles jaunes et PLEINS D'erreurs !... Je poste le ?

g!rly · Answer

Salut,

essaie de voir si il y a des erreures qui correspondent au moment ou tu rencontre des difficultés de connection et fais une recherche sur google avec le numero de l´erreure et son intitulé.

dis moi quoi

@+

Helpmei34 · Answer

re,

j'ai eu un avertissement "TCP/IP  a atteint la limite de sécrurité imposé sur le nombre de tentatives de connexions TCP simultanées" ou encore "votre ordinateur n'a pu renouveler son adresse à partir du reseau" et quand ca s'est déconnecté j'ai eu cette info "l'explorateur a forcé une élection sur le réseau car un maître explorateur a été arrêté"

g!rly · Answer

Re,

Tu dois avoir des numeros d´id pour les erreures.

"L'explorateur a forcé une élection sur le réseau car un maître explorateur a été arrêté" elle as quelle id celle ci?

Exemple id 8021 , 8032 

@+

Helpmei34 · Answer

C'est 8033

g!rly · Answer

re,

bon apparament ce n´est pas la cause :

https://support.microsoft.com/fr-fr/help/459989

tu voie ce que j´ai fais la; avec le message d´erreure et son id j´ai cherché sur google et voici ce que j´ai trouvé. essaie de faire pareil pour les autres messages d´erreure avec leur id

@+

Helpmei34 · Answer

Je voulais te dire que je n'arrive pas à connecter ma livebox avec la clé wep.. rien ne se passe... Pour avoir le web, je fais "quitter" sur ma clé usb sagem et ca marche

mon câble réseau est constament débranché... et j'ai les erreurs 32003 et 1002 qui sont apparus y a10 min car j'avais aucun réseau dispo et j'ai dû rallumer l'ordi pour avoir de nouveau la connexion. je pense que l'erreur 1002 pourrait être le problème...
https://support.microsoft.com/fr-fr/help/298490

g!rly · Answer

Helpmei34,

tu as essayé de resoudre le probleme comme expliqué sur le lien microsoft, car oui je pensse qu´il s´agit bien de ca l´erreur dhcp 1002

tu as une connection wifi c´est bien ca?

@+

Helpmei34 · Answer

Coucou,

j'ai bien une connexion Wifi. Je n'arrive pas à trouver "dhcp" dans "Outils d'administration" que je trouve qu'en passant par le panneau de config'....

g!rly · Answer

Salut helpmei34,

Pas facil...

Pour le dhcp c´est la seule console qu´il y est sur ton pc, qu´elle ne soie pas dans le meme endroie qu´ils le disent; ca reste la meme.

essaie de passer ceci :

Télécharge Zeb-Restore http://telechargement.zebulon.fr/zeb-restore.html enregistre ce fichier sur le bureau.

-Clic droit Zeb-Restore.zip ==> Extraire tout choisis comme lieu d'enregistrement le bureau.
-Ouvre le dossier ZR_1.0.0.37 ==> double clic sur Zeb-Restore.exe
- Coche la case devant : 

Réinitialiser Fichier Hosts
Préfixes et Protocoles Internet
Sites de confiance et sensibles

- Ne coche aucune autre case
-Clique sur Restaurer
-Redémarre ton PC 

Dis moi si ca change quelque chose...

@+

Helpmei34 · Answer

Toujours pas... Je te mets la capture d'écran de ce que j'ai...
http://img301.imageshack.us/img301/6568/01capgz7.jpg

g!rly · Answer

Helpmei,

je suis desolé de te l´annoncer mais je ne vais pas pouvoir t´aider d´avantage...

je te propose de poster un message dans le forum internet de ce meme forum ou tu auras sans doute une aide plus approprié quand au probleme.

Bonne soirée`

@+

Helpmei34 · Answer

Oki... Merci beaucoup pour l'aide que tu m'as apporté !

Je me demandais juste quels logiciels je peux utiliser pour nettoyer mon ordi de temps en temps ?

g!rly · Answer

re,

pour nettoyer ton pc de temps en temps :

spybot
http://www.commentcamarche.net/telecharger/telecharger 122 spybot

adaware
http://www.commentcamarche.net/telecharger/telecharger 83 ad aware 2007 free

ccleaner
http://www.commentcamarche.net/telecharger/telecharger 168 ccleaner

et tu peux installer ceci en supllement de protection :

spywareblaster :

http://www.brightfort.com/spywareblaster.html

c´est un resident, il suffit de le mettre a jour de temps en temps car la version gratuite ne le fait pas toute seul , une fois installé et mis a jour tu mets toutes les protections sur "enable"

tuto : http://forum.telecharger.01net.com/forum/high-tech/PRODUITS/Questions-techniques/question-spywareblaser-sujet_174747_1.htm

voila,

bonne continuation´

bye.

Helpmei34 · Answer

Merci beaucoup

Bonne soirée

g!rly · Answer

de rien ;-)

Helpmei34 · Answer

Une dernière chose, est ce que je peux effacer les rapport, scan et fichiers reg que tu m'avais demandé de faire ?

g!rly · Answer

oui tu peux.
;-)

Virus msn "C'est toi!!??"

159 réponses

Votre réponse

Discussions similaires

Newsletters