Infecté par un virus!!! Résolu/Fermé

Question

Bonjour,
Grace à un tutoriel d'Antivir ( http://speedweb1.free.fr/frames2.php?page=tuto5 ) j'ai  mieux configuré les paramètres de mon antivirus  et après analyse un virus nommé : APPLNirCmd.3 a été découvert. j'ai fait une analyse avec hijack this au cas où.
merci de m'indiquer les lignes à supprimer :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:49, on 2008-01-30
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\photoshop\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
E:\deamon tool\DAEMON Tools Lite\daemon.exe
C:\Genius\ioCentre\gZoom.exe
C:\Genius\ioCentre\gIMMgm.exe
C:\Genius\ioCentre\gDeskMgm.exe
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
E:\fire-fox navigateur\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {8126A4A5-BFD3-46FE-BBDF-BFB5CF78E489} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\acrobat reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\photoshop\apdproxy.exe"
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\deamon tool\DAEMON Tools Lite\daemon.exe"
O4 - HKLM\..\Policies\Explorer\Run: [5T19I3B27A] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - F:\photoshop\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxdd_device -   - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

g!rly · Answer

salut,

fais ceci :

coupe toi d´internet et coupe antivir le temps de passer combofix :

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe      

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse. 

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

@+

Harry Seldon · Answer

Ok merci de ton aide; voici le rapport de combofix: ComboFix 08-01-30.6 - Gaetan 2008-01-30 14:31:31.6 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.513 [GMT 1:00] Endroit: C:\Documents and Settings\Gaetan\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))))))) . 2008-01-30 12:43 . 2008-01-30 12:43 d-------- C:\Program Files\Trend Micro 2008-01-26 00:31 . 2008-01-26 00:31 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-01-25 16:48 . 2008-01-25 16:48 d-------- C:\Program Files\Yahoo! 2008-01-18 16:14 . 2008-01-18 16:14 d-------- C:\Documents and Settings\All Users\Application Data\espionServerData 2008-01-18 16:09 . 2008-01-18 16:09 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-01-18 16:06 . 2008-01-18 16:06 d-------- C:\Program Files\Fichiers communs\Macrovision Shared 2008-01-18 16:02 . 2008-01-18 16:02 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-01-18 14:19 . 2008-01-18 14:19 d-------- C:\Program Files\Fichiers communs\Vbox 2008-01-17 20:23 . 2008-01-17 20:23 d-------- C:\Program Files\iPod 2008-01-17 20:23 . 2008-01-30 13:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-17 20:23 . 2008-01-17 20:23 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-01-06 19:10 . 2008-01-06 19:10 2,359,350 --a------ C:\WINDOWS\wallpaper.bmp 2008-01-06 15:49 . 2008-01-12 15:24 d-------- C:\Documents and Settings\Gaetan\Application Data\ma-config.com 2008-01-06 15:29 . 2008-01-06 15:29 d-------- C:\Documents and Settings\Gaetan\Application Data\Talkback 2008-01-01 17:21 . 2008-01-01 19:10 d-------- C:\Documents and Settings\Gaetan\Application Data\DAEMON Tools 2008-01-01 17:04 . 2008-01-08 22:28 d-------- C:\Program Files\free-downloads.net 2008-01-01 17:04 . 2008-01-01 17:04 d-------- C:\Program Files\Alcohol Soft 2007-12-30 15:30 . 2007-12-30 15:30 d-------- C:\Program Files\Alcohol Toolbar 2007-12-30 15:30 . 2007-12-30 15:30 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4750.exe 2007-12-30 15:23 . 2008-01-01 16:49 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-25 16:43 . 2007-12-25 16:43 d-------- C:\Program Files\M-Audio Delta 2007-12-25 16:43 . 2004-09-09 16:45 1,122,304 --a------ C:\WINDOWS\system32\deltapnl.exe 2007-12-25 16:43 . 2004-09-10 11:28 291,456 --a------ C:\WINDOWS\system32\drivers\delta.sys 2007-12-25 16:43 . 2004-08-26 22:43 56,320 --a------ C:\WINDOWS\system32\delttray.exe 2007-12-25 16:43 . 2004-09-09 16:45 44,032 --a------ C:\WINDOWS\system32\deltapnl.dll 2007-12-25 16:43 . 2004-08-13 11:37 19,968 --a------ C:\WINDOWS\system32\deltasio.dll 2007-12-25 16:43 . 2004-08-13 12:06 5,120 --a------ C:\WINDOWS\system32\DeltaCPL.cpl 2007-12-25 14:48 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll 2007-12-25 14:48 . 2003-08-04 08:29 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys 2007-12-25 14:48 . 2003-08-04 08:29 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys 2007-12-19 15:49 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll 2007-12-19 15:49 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll 2007-12-19 15:49 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll 2007-12-08 23:21 . 2007-12-08 23:21 165,376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2007-12-08 23:21 . 2007-12-08 23:21 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2007-12-05 22:49 . 2006-07-12 04:48 17,408 --a------ C:\WINDOWS\system32\drivers\gMouPS2.sys 2007-12-05 22:49 . 2007-04-13 18:44 16,384 --a------ C:\WINDOWS\system32\drivers\gHidPnp.sys 2007-12-05 22:49 . 2007-03-13 19:21 9,856 --a------ C:\WINDOWS\system32\drivers\gMouUsb.sys 2007-12-05 22:47 . 2007-12-05 22:47 d-------- C:\Genius . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-30 13:30 --------- d-----w C:\Program Files\Wanadoo 2008-01-30 11:27 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\uTorrent 2008-01-29 18:26 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\dvdcss 2008-01-26 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-26 00:41 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\OpenOffice.org2 2008-01-26 00:22 --------- d-----w C:\Program Files\Lx_cats 2008-01-25 19:05 --------- d-----w C:\Program Files\SpywareBlaster 2008-01-25 17:27 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\Skype 2008-01-19 06:04 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\MySpace 2008-01-18 15:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-18 15:02 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2008-01-18 15:02 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-01-18 15:02 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-01-17 19:23 --------- d-----w C:\Program Files\iTunes 2008-01-17 19:21 --------- d-----w C:\Program Files\QuickTime 2008-01-08 21:27 --------- d-----w C:\Program Files\Lexmark Toolbar 2008-01-07 20:34 --------- d-----w C:\Program Files\AntivirusFirewall 2007-12-14 15:57 --------- d-----w C:\Program Files\Java 2007-12-04 02:00 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-03 18:56 --------- d-----w C:\Program Files\CCleaner 2007-11-27 19:02 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-11-27 19:02 22,328 ----a-w C:\Documents and Settings\Gaetan\Application Data\PnkBstrK.sys 2007-11-27 19:02 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-28 12:43 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll 2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-01-17 10:40 816368] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080] "DAEMON Tools Lite"="E:\deamon tool\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-11-01 05:15 163840 C:\WINDOWS\system32\VTTrayp.exe] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 19:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-06-01 19:57 3167232] "Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2006-04-25 17:48 2045952] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-11-02 01:44 185896] "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-25 03:52 385024] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-27 16:37 249896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-13 00:58 291760] "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-06 00:32 20480] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 01:00 312240] "Adobe Reader Speed Launcher"="E:\acrobat reader\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 22:44 8429568] "nwiz"="nwiz.exe" [2007-04-12 22:44 1626112 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 22:44 81920] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 23:05 102400] "ioCentre"="C:\Genius\ioCentre\gTaskBar.exe" [2007-04-13 15:04 61440] "DeltTray"="DeltTray.exe" [2004-08-26 22:43 56320 C:\WINDOWS\system32\delttray.exe] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048] "Adobe Photo Downloader"="F:\photoshop\apdproxy.exe" [2007-09-11 00:43 67488] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer un] "5T19I3B27A"= C:\WINDOWS\svchost.exe R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;F:\photoshop\PhotoshopElementsFileAgent.exe [2007-09-11 00:45] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 00:59] R3 gHidPnp;USB Device Enhanced Function Driver;C:\WINDOWS\system32\Drivers\gHidPnp.Sys [2007-04-13 18:44] R3 gMouUsb;USB Mouse Device Drv;C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2007-03-13 19:21] S3 gMouPS2;PS2 Scroll Mouse Device;C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 04:48] S3 jbridgep;jbridgep;C:\DOCUME~1\Gaetan\LOCALS~1\Temp\jbridgep.sys [] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-05-22 12:35] S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12] S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12] S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12] S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12] S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);C:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12] S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12] S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);C:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12] S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 03:39] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e0bf0d3-b883-11dc-a53d-001731e6ecc6}] \Shell\AutoRun\command - I:\Autorun.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-24 19:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-30 13:32:01 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-30 14:32:20 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXDDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-01-30 14:32:46 ComboFix-quarantined-files.txt 2008-01-30 13:32:44 ComboFix2.txt 2008-01-30 13:29:18 ComboFix3.txt 2008-01-30 13:23:36 . 2008-01-09 16:39:51 --- E O F ---

g!rly · Answer

re,

Copie le texte ci-dessous :

File::

Folder::
C:\Program Files\free-downloads.net

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"5T19I3B27A"=-

Ouvre le Bloc-Notes puis colle le texte copié.
(Démarrer\Tous les programmes\Accessoires\Bloc notes.)
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :

http://serveur1.archive-host.com/membres/up/1366464061/CFScript.gif

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide.

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal!

Ne touche à rien tant que le scan n'est pas terminé.

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.

S'il n'y a pas de rédémarrage, poste quand même les rapports.

@+

Harry Seldon · Answer

voici le rapport de combofix : ComboFix 08-01-30.6 - Gaetan 2008-01-30 17:13:46.7 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.570 [GMT 1:00] Endroit: C:\Documents and Settings\Gaetan\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Gaetan\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\Program Files\free-downloads.net C:\Program Files\free-downloads.net\INSTALL.LOG C:\Program Files\free-downloads.net oolbar.cfg C:\Program Files\free-downloads.net\UNWISE.EXE C:\WINDOWS\system32\lsprst7.dll C:\WINDOWS\system32\ssprs.dll C:\WINDOWS\system32 mpPrst.dll . ((((((((((((((((((((((((((((( Fichiers créés 2007-12-28 to 2008-01-30 )))))))))))))))))))))))))))))))))))) . 2008-01-30 15:35 . 2008-01-30 15:35 14 --a------ C:\WINDOWS\system32 mpPrst.tgz 2008-01-30 12:43 . 2008-01-30 12:43 d-------- C:\Program Files\Trend Micro 2008-01-26 00:31 . 2008-01-26 00:31 d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion 2008-01-25 16:48 . 2008-01-25 16:48 d-------- C:\Program Files\Yahoo! 2008-01-18 16:14 . 2008-01-18 16:14 d-------- C:\Documents and Settings\All Users\Application Data\espionServerData 2008-01-18 16:09 . 2008-01-18 16:09 d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet 2008-01-18 16:06 . 2008-01-18 16:06 d-------- C:\Program Files\Fichiers communs\Macrovision Shared 2008-01-18 16:02 . 2008-01-18 16:02 116,472 --------- C:\WINDOWS\system32\pxcpyi64.exe 2008-01-18 14:19 . 2008-01-18 14:19 d-------- C:\Program Files\Fichiers communs\Vbox 2008-01-17 20:23 . 2008-01-17 20:23 d-------- C:\Program Files\iPod 2008-01-17 20:23 . 2008-01-30 13:44 54,156 --ah----- C:\WINDOWS\QTFont.qfn 2008-01-17 20:23 . 2008-01-17 20:23 1,409 --a------ C:\WINDOWS\QTFont.for 2008-01-10 15:27 . 2008-01-10 15:27 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx 2008-01-10 15:27 . 2008-01-10 15:27 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts 2008-01-06 19:10 . 2008-01-06 19:10 2,359,350 --a------ C:\WINDOWS\wallpaper.bmp 2008-01-06 15:49 . 2008-01-12 15:24 d-------- C:\Documents and Settings\Gaetan\Application Data\ma-config.com 2008-01-06 15:29 . 2008-01-06 15:29 d-------- C:\Documents and Settings\Gaetan\Application Data\Talkback 2008-01-01 17:21 . 2008-01-01 19:10 d-------- C:\Documents and Settings\Gaetan\Application Data\DAEMON Tools 2008-01-01 17:04 . 2008-01-01 17:04 d-------- C:\Program Files\Alcohol Soft 2007-12-30 15:30 . 2007-12-30 15:30 d-------- C:\Program Files\Alcohol Toolbar 2007-12-30 15:30 . 2007-12-30 15:30 229,057 --a------ C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4750.exe 2007-12-30 15:23 . 2008-01-01 16:49 715,248 --a------ C:\WINDOWS\system32\drivers\sptd.sys 2007-12-25 16:43 . 2007-12-25 16:43 d-------- C:\Program Files\M-Audio Delta 2007-12-25 16:43 . 2004-09-09 16:45 1,122,304 --a------ C:\WINDOWS\system32\deltapnl.exe 2007-12-25 16:43 . 2004-09-10 11:28 291,456 --a------ C:\WINDOWS\system32\drivers\delta.sys 2007-12-25 16:43 . 2004-08-26 22:43 56,320 --a------ C:\WINDOWS\system32\delttray.exe 2007-12-25 16:43 . 2004-09-09 16:45 44,032 --a------ C:\WINDOWS\system32\deltapnl.dll 2007-12-25 16:43 . 2004-08-13 11:37 19,968 --a------ C:\WINDOWS\system32\deltasio.dll 2007-12-25 16:43 . 2004-08-13 12:06 5,120 --a------ C:\WINDOWS\system32\DeltaCPL.cpl 2007-12-25 14:48 . 2003-10-03 16:28 45,056 --a------ C:\WINDOWS\system32\vusetup.dll 2007-12-25 14:48 . 2003-08-04 08:29 11,392 --a------ C:\WINDOWS\system32\drivers\vulfntr.sys 2007-12-25 14:48 . 2003-08-04 08:29 6,912 --a------ C:\WINDOWS\system32\drivers\vulfnth.sys 2007-12-19 15:49 . 2004-05-14 16:53 462,848 --a------ C:\WINDOWS\system32\ltkrn13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 450,560 --a------ C:\WINDOWS\system32\ltimg13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 401,408 --a------ C:\WINDOWS\system32\lfcmp13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 299,008 --a------ C:\WINDOWS\system32\ltdis13n.dll 2007-12-19 15:49 . 2004-01-12 02:09 206,336 --a------ C:\WINDOWS\system32\ltefx13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 163,840 --a------ C:\WINDOWS\system32\ltfil13n.dll 2007-12-19 15:49 . 2003-11-04 15:10 69,632 --a------ C:\WINDOWS\system32\lfgif13n.dll 2007-12-19 15:49 . 2004-05-14 16:53 57,344 --a------ C:\WINDOWS\system32\lfbmp13n.dll 2007-12-08 23:21 . 2007-12-08 23:21 165,376 --a------ C:\WINDOWS\system32\drivers\atksgt.sys 2007-12-08 23:21 . 2007-12-08 23:21 18,048 --a------ C:\WINDOWS\system32\drivers\lirsgt.sys 2007-12-05 22:49 . 2006-07-12 04:48 17,408 --a------ C:\WINDOWS\system32\drivers\gMouPS2.sys 2007-12-05 22:49 . 2007-04-13 18:44 16,384 --a------ C:\WINDOWS\system32\drivers\gHidPnp.sys 2007-12-05 22:49 . 2007-03-13 19:21 9,856 --a------ C:\WINDOWS\system32\drivers\gMouUsb.sys 2007-12-05 22:47 . 2007-12-05 22:47 d-------- C:\Genius . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-01-30 16:12 --------- d-----w C:\Program Files\Wanadoo 2008-01-30 11:27 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\uTorrent 2008-01-29 18:26 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\dvdcss 2008-01-26 20:32 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-01-26 00:41 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\OpenOffice.org2 2008-01-26 00:22 --------- d-----w C:\Program Files\Lx_cats 2008-01-25 19:05 --------- d-----w C:\Program Files\SpywareBlaster 2008-01-25 17:27 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\Skype 2008-01-19 06:04 --------- d-----w C:\Documents and Settings\Gaetan\Application Data\MySpace 2008-01-18 15:06 --------- d-----w C:\Program Files\Fichiers communs\Adobe 2008-01-18 15:02 43,528 ------w C:\WINDOWS\system32\drivers\PxHelp20.sys 2008-01-18 15:02 129,784 ------w C:\WINDOWS\system32\pxafs.dll 2008-01-18 15:02 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe 2008-01-17 19:23 --------- d-----w C:\Program Files\iTunes 2008-01-17 19:21 --------- d-----w C:\Program Files\QuickTime 2008-01-08 21:27 --------- d-----w C:\Program Files\Lexmark Toolbar 2008-01-07 20:34 --------- d-----w C:\Program Files\AntivirusFirewall 2007-12-14 15:57 --------- d-----w C:\Program Files\Java 2007-12-04 02:00 --------- d-----w C:\Program Files\Windows Live Toolbar 2007-12-03 18:56 --------- d-----w C:\Program Files\CCleaner 2007-11-27 19:02 66,872 ----a-w C:\WINDOWS\system32\PnkBstrA.exe 2007-11-27 19:02 22,328 ----a-w C:\Documents and Settings\Gaetan\Application Data\PnkBstrK.sys 2007-11-27 19:02 103,736 ----a-w C:\WINDOWS\system32\PnkBstrB.exe 2007-11-07 09:28 728,576 ----a-w C:\WINDOWS\system32\lsasrv.dll 2007-10-29 22:43 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll 2007-10-28 12:43 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll 2007-10-25 08:28 222,720 ----a-w C:\WINDOWS\system32\wmasf.dll 2007-10-24 00:47 96,760 ----a-w C:\WINDOWS\system32\dfshim.dll 2007-10-24 00:47 84,480 ----a-w C:\WINDOWS\system32\mscories.dll 2007-10-24 00:47 282,112 ----a-w C:\WINDOWS\system32\mscoree.dll 2007-10-24 00:47 158,720 ----a-w C:\WINDOWS\system32\mscorier.dll 2007-10-10 23:49 824,832 ----a-w C:\WINDOWS\system32\wininet.dll . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WOOKIT"="C:\PROGRA~1\Wanadoo\Shell.exe" [2004-08-23 13:50 122880] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 00:09 15360] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-01-17 10:40 816368] "AlcoholAutomount"="C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" [2007-12-22 08:20 222080] "DAEMON Tools Lite"="E:\deamon tool\DAEMON Tools Lite\daemon.exe" [2007-12-29 13:05 486856] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "VTTimer"="VTTimer.exe" [2005-03-08 04:33 53248 C:\WINDOWS\system32\VTTimer.exe] "VTTrayp"="VTtrayp.exe" [2005-11-01 05:15 163840 C:\WINDOWS\system32\VTTrayp.exe] "RemoteControl"="C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" [2004-11-02 19:24 32768] "NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 10:50 155648] "Ai Quicker Help"="C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" [2006-06-01 19:57 3167232] "Launch PC Probe II"="C:\Program Files\ASUS\PC Probe II\Probe2.exe" [2006-04-25 17:48 2045952] "WOOWATCH"="C:\PROGRA~1\Wanadoo\Watch.exe" [2004-08-23 13:49 20480] "TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" [2006-11-02 01:44 185896] "JMB36X Configure"="C:\WINDOWS\system32\JMRaidTool.exe" [2006-04-25 03:52 385024] "avgnt"="C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-27 16:37 249896] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312] "lxddmon.exe"="C:\Program Files\Lexmark 2500 Series\lxddmon.exe" [2007-02-13 00:58 291760] "lxddamon"="C:\Program Files\Lexmark 2500 Series\lxddamon.exe" [2007-02-06 00:32 20480] "FaxCenterServer"="C:\Program Files\Lexmark Fax Solutions\fm3032.exe" [2007-02-13 01:00 312240] "Adobe Reader Speed Launcher"="E:\acrobat reader\Reader\Reader_sl.exe" [2007-10-10 19:51 39792] "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-04-12 22:44 8429568] "nwiz"="nwiz.exe" [2007-04-12 22:44 1626112 C:\WINDOWS\system32 wiz.exe] "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2007-04-12 22:44 81920] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-22 23:05 102400] "ioCentre"="C:\Genius\ioCentre\gTaskBar.exe" [2007-04-13 15:04 61440] "DeltTray"="DeltTray.exe" [2004-08-26 22:43 56320 C:\WINDOWS\system32\delttray.exe] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-01-10 15:27 385024] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-01-15 03:22 267048] "Adobe Photo Downloader"="F:\photoshop\apdproxy.exe" [2007-09-11 00:43 67488] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-20 00:09 15360] R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-02-23 04:38] R0 xfilt;VIA SATA IDE Hot-plug Driver;C:\WINDOWS\system32\DRIVERS\xfilt.sys [2006-02-23 04:39] R2 AdobeActiveFileMonitor6.0;Adobe Active File Monitor V6;F:\photoshop\PhotoshopElementsFileAgent.exe [2007-09-11 00:45] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 00:59] R3 gHidPnp;USB Device Enhanced Function Driver;C:\WINDOWS\system32\Drivers\gHidPnp.Sys [2007-04-13 18:44] R3 gMouUsb;USB Mouse Device Drv;C:\WINDOWS\system32\DRIVERS\gMouUsb.sys [2007-03-13 19:21] S3 gMouPS2;PS2 Scroll Mouse Device;C:\WINDOWS\system32\DRIVERS\gMouPS2.sys [2006-07-12 04:48] S3 jbridgep;jbridgep;C:\DOCUME~1\Gaetan\LOCALS~1\Temp\jbridgep.sys [] S3 RTLWUSB;Realtek RTL8187 Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\WINDOWS\system32\DRIVERS\RTL8187.sys [2006-05-22 12:35] S3 se57bus;Sony Ericsson Device 087 driver (WDM);C:\WINDOWS\system32\DRIVERS\se57bus.sys [2006-11-30 15:12] S3 se57mdfl;Sony Ericsson Device 087 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se57mdfl.sys [2006-11-30 15:12] S3 se57mdm;Sony Ericsson Device 087 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se57mdm.sys [2006-11-30 15:12] S3 se57mgmt;Sony Ericsson Device 087 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se57mgmt.sys [2006-11-30 15:12] S3 se57nd5;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (NDIS);C:\WINDOWS\system32\DRIVERS\se57nd5.sys [2006-11-30 15:12] S3 se57obex;Sony Ericsson Device 087 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se57obex.sys [2006-11-30 15:12] S3 se57unic;Sony Ericsson Device 087 USB Ethernet Emulation SEMC57 (WDM);C:\WINDOWS\system32\DRIVERS\se57unic.sys [2006-11-30 15:12] S3 SjyPkt;SjyPkt;C:\WINDOWS\System32\Drivers\SjyPkt.sys [2006-03-31 03:39] S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58] S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 07:08] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3e0bf0d3-b883-11dc-a53d-001731e6ecc6}] \Shell\AutoRun\command - I:\Autorun.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' "2008-01-24 19:15:01 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job" - C:\Program Files\Apple Software Update\SoftwareUpdate.exe "2008-01-30 15:32:02 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job" - C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-01-30 17:15:18 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... HKLM\Software\Microsoft\Windows\CurrentVersion\Run LXDDCATS = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16??????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????????? Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . Temps d'accomplissement: 2008-01-30 17:15:40 ComboFix-quarantined-files.txt 2008-01-30 16:15:38 ComboFix2.txt 2008-01-30 13:32:46 ComboFix3.txt 2008-01-30 13:29:18 ComboFix4.txt 2008-01-30 13:23:36 . 2008-01-09 16:39:51 --- E O F --- rapport hijackthis : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 17:20:32, on 30/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe F:\photoshop\PhotoshopElementsFileAgent.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\lxddcoms.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe C:\Program Files\ASUS\PC Probe II\Probe2.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Lexmark 2500 Series\lxddamon.exe C:\WINDOWS\system32\DeltTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Genius\ioCentre\gAutoPan.exe C:\WINDOWS\system32\ctfmon.exe E:\deamon tool\DAEMON Tools Lite\daemon.exe C:\Program Files\iPod\bin\iPodService.exe C:\WINDOWS\explorer.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe E:\fire-fox navigateur\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file) O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file) O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\acrobat reader\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\photoshop\apdproxy.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\deamon tool\DAEMON Tools Lite\daemon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - F:\photoshop\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

Harry Seldon · Answer

je ne me suis pas mis en mode sans echec avec hijack this et combofix est ce que ca ne remet pas en question la valeur des rapports que je vous ai fourni ?

g!rly · Answer

re,

pour les resultats, non ca a pas affectés les resultats, mais je ne t´ai jamais demandé de les faire en mode sans echec...

a l´aide de hijack this coche et fix les lignes suivantes :

O3 - Toolbar: (no name) - {4E7BD74F-2B8D-469E-8DA9-FD60BB9AAE33} - (no file)
O3 - Toolbar: (no name) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - (no file)

Tutoriel d´utilisation (video) :

-> http://pageperso.aol.fr/balltrap34/demohijack.htm

instales un par feu :

par feu : kerio

http://www.malekal.com/kerio_firewall.php#mozTocId721480

https://www.vulgarisation-informatique.com/kerio.php

https://kerio.probb.fr/f2-sunbelt-kerio-personal-firewall

ou zone alarm plus facil a configurer mais moins performant

https://www.malekal.com/tutoriel-zonealarm-firewall/

et fais ceci :

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

   http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
   
   p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

   http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

   choisir d´abord l'onglet "paramètres".
   
   sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici. 

-> Une aide en image au cas ou :

   Tutoriel d´installation et de parametrages :

   http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

@+

Harry Seldon · Answer

Re,
 voici le rapport de scan d'AVG (au fait pendant le scan d'Avg  j'ai recu d'antivir 18 nouvelles alertes d'infection, du meme virus que precedement, et le scan d'avg ne detecte pas de probleme :

---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	19:48:30 30/01/2008

 + Résultat de l'analyse:	



	Rien à signaler.



Fin du rapport

Harry Seldon · Answer

j'ai relancé un scan avec antivir, mais il détecte combofix comme un virus que dois je faire?

g!rly · Answer

tu peux le supprimer...

Harry Seldon · Answer

merci G!rly d'être aussi réactive;
je t'envoi le rapport du scan tout à l'heure...

Harry Seldon · Answer

Re, rapport antivir: AntiVir PersonalEdition Classic Report file date: mercredi 30 janvier 2008 19:54 Scanning for 1085232 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: GAETAN-ORDI Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 05/09/2007 16:49:04 AVSCAN.DLL : 7.0.6.0 49192 Bytes 05/09/2007 16:49:04 LUKE.DLL : 7.0.5.3 147496 Bytes 05/09/2007 16:49:06 LUKERES.DLL : 7.0.6.1 10280 Bytes 05/09/2007 16:49:06 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:50:14 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:32:36 ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 11:30:24 ANTIVIR3.VDF : 7.0.2.71 203264 Bytes 30/01/2008 12:41:36 AVEWIN32.DLL : 7.6.0.57 3215872 Bytes 29/01/2008 13:04:05 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 05/09/2007 16:49:04 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 22:28:01 AVREG.DLL : 7.0.1.6 30760 Bytes 05/09/2007 16:49:04 AVARKT.DLL : 1.0.0.20 278568 Bytes 05/09/2007 16:49:03 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 05/09/2007 16:49:04 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 05/09/2007 16:48:53 RCTEXT.DLL : 7.0.62.0 86056 Bytes 05/09/2007 16:48:53 SQLITE3.DLL : 3.3.17.1 339968 Bytes 05/09/2007 16:49:07 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: medium Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: mercredi 30 janvier 2008 19:54 Starting search for hidden objects. '49552' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'Watch.exe' - '1' Module(s) have been scanned Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned Scan process 'PollingModule.exe' - '1' Module(s) have been scanned Scan process 'Inactivity.exe' - '1' Module(s) have been scanned Scan process 'Toaster.exe' - '1' Module(s) have been scanned Scan process 'ComComp.exe' - '1' Module(s) have been scanned Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'delttray.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'lxddamon.exe' - '1' Module(s) have been scanned Scan process 'avgas.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'Probe2.exe' - '1' Module(s) have been scanned Scan process 'AsDHRemote.exe' - '1' Module(s) have been scanned Scan process 'AsRc.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned Scan process 'VTTimer.exe' - '1' Module(s) have been scanned Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'lxddcoms.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '0' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 56 processes with 56 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '33' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\Documents and Settings\Gaetan\Bureau\ComboFix.exe [0] Archive type: RAR SFX (self extracting) --> 327882R2FWJFW ircmd.com [DETECTION] Contains detection pattern of the application APPL/NirCmd.3 --> 327882R2FWJFW ircmd.cfexe [DETECTION] Contains detection pattern of the application APPL/NirCmd.3 --> 327882R2FWJFW\psexec.cfexe [DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072 [INFO] The file was deleted! C:\System Volume Information\_restore{ABAF5229-C7C3-4DE4-9897-061B3C28B2DC}\RP187\A0037744.exe [DETECTION] Contains detection pattern of the application APPL/NirCmd.3 [INFO] The file was deleted! C:\System Volume Information\_restore{ABAF5229-C7C3-4DE4-9897-061B3C28B2DC}\RP187\A0037745.exe [0] Archive type: RAR SFX (self extracting) --> 327882R2FWJFW ircmd.com [DETECTION] Contains detection pattern of the application APPL/NirCmd.3 --> 327882R2FWJFW ircmd.cfexe [DETECTION] Contains detection pattern of the application APPL/NirCmd.3 --> 327882R2FWJFW\psexec.cfexe [DETECTION] Contains detection pattern of the application APPL/Rmadmin.131072 [INFO] The file was deleted! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' Begin scan in 'F:\' Begin scan in 'G:\' End of the scan: mercredi 30 janvier 2008 20:56 Used time: 1:01:57 min The scan has been done completely. 12439 Scanning directories 426309 Files were scanned 7 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 3 files were deleted 0 files were repaired 0 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 426302 Files not concerned 2130 Archives were scanned 3 Warnings 31 Notes 49552 Objects were scanned with rootkit scan 0 Hidden objects were found un ptit hijack this pour la route : Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 21:01:46, on 30/01/2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe F:\photoshop\PhotoshopElementsFileAgent.exe C:\Program Files\AntiVir PersonalEdition Classic\sched.exe C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe C:\WINDOWS\system32\lxddcoms.exe C:\WINDOWS\system32 vsvc32.exe C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PnkBstrB.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe C:\WINDOWS\system32\VTTimer.exe C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe C:\Program Files\ASUS\PC Probe II\Probe2.exe C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\Program Files\Lexmark 2500 Series\lxddamon.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\WINDOWS\system32\DeltTray.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe E:\deamon tool\DAEMON Tools Lite\daemon.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Wanadoo\GestionnaireInternet.exe C:\Program Files\Wanadoo\ComComp.exe C:\PROGRA~1\Wanadoo\Toaster.exe C:\PROGRA~1\Wanadoo\Inactivity.exe C:\PROGRA~1\Wanadoo\PollingModule.exe C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE C:\Program Files\Wanadoo\Watch.exe E:\fire-fox navigateur\firefox.exe C:\Program Files\Trend Micro\HijackThis\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/?v=msgrv75 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll R3 - URLSearchHook: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - (no file) O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll O4 - HKLM\..\Run: [VTTimer] VTTimer.exe O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe" O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe" O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1 O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB ealsched.exe" -osboot O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe" O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe" O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\acrobat reader\Reader\Reader_sl.exe" O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16 O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe O4 - HKLM\..\Run: [DeltTray] DeltTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\photoshop\apdproxy.exe" O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\deamon tool\DAEMON Tools Lite\daemon.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ? O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU) O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - F:\photoshop\PhotoshopElementsFileAgent.exe O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe O23 - Service: lxdd_device - - C:\WINDOWS\system32\lxddcoms.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32 vsvc32.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe O23 - Service: Sunbelt Personal Firewall 4 (SPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

g!rly · Answer

re,

A.V.G :

-> Télécharger AVG Anti-Spyware (ewido)

   http://www.commentcamarche.net/telecharger/telecharger 218 avg anti spyware

-> L´installer.

-> lancer AVG Anti-Spyware et clicker sur le bouton Mise à jour. Patienter...
   
   p.s : si les mises a jours ne se font pas, elles sont telechargable ici :

   http://downloads.ewido.net/avgas-signatures-full-current.exe

-> Sur la page "analyse":

   choisir d´abord l'onglet "paramètres".
   
   sous « Comment réagir » clicker sur « Actions recommandées » et dans le menu déroulant, choisir « Supprimer ».

-> Lancer le scan, (c´est long...).

-> A la fin du scan copier Et coller le rapport ici. 

-> Une aide en image au cas ou :

   Tutoriel d´installation et de parametrages :

   http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html 

@+

Harry Seldon · Answer

j'ai avg et j'ai posté le rapport d'analyse!! mais bon,
 j'ai suivit tes instructions donc j'ai désinstallé l'ancien. j'attend le rapport

g!rly · Answer

oui desolé, on l´as deja executé...

passe celui ci :

http://www.commentcamarche.net/telecharger/telecharger 122 spybot

et detail les resultats...

@+

Harry Seldon · Answer

Yep! j'epère que tu n'es pas encore couché! 
je te fourni le rapport;
 que dois je faire de spybot, ma navigation et tres alléatoire ca rame de plus en plus et il m'est difficile d'accéder au forum et d'un coup ca retrace surtout quand je deconnecte et reconnecte, ca c'est agravé depuis l'installation de spybot, mais le problème est present depuis quelques heures .



--- Search result list ---
Félicitations!: Aucun mouchard n'a été trouvé. ()
  


--- Spybot - Search & Destroy version: 1.5  (build: 20070830) ---

2007-08-31 blindman.exe (1.0.0.6)
2007-08-31 SDMain.exe (1.0.0.4)
2007-08-31 SDUpdate.exe (1.0.6.4)
2007-08-31 SDWinSec.exe (1.0.0.8)
2007-08-31 SpybotSD.exe (1.5.1.15)
2007-08-31 TeaTimer.exe (1.5.0.9)
2008-01-30 unins000.exe (51.46.0.0)
2007-08-31 Update.exe (1.4.0.5)
2007-08-31 advcheck.dll (1.5.3.0)
2007-04-02 aports.dll (2.1.0.0)
2007-04-02 DelZip179.dll (1.79.5.3)
2007-08-31 SDHelper.dll (1.5.0.8)
2007-08-31 Tools.dll (2.1.2.0)
2008-01-30 Includes\Cookies.sbi (*)
2007-12-26 Includes\Dialer.sbi (*)
2008-01-30 Includes\DialerC.sbi (*)
2008-01-30 Includes\HeavyDuty.sbi (*)
2007-12-26 Includes\Hijackers.sbi (*)
2008-01-30 Includes\HijackersC.sbi (*)
2007-10-04 Includes\Keyloggers.sbi (*)
2008-01-30 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-01-16 Includes\Malware.sbi (*)
2008-01-30 Includes\MalwareC.sbi (*)
2007-10-24 Includes\PUPS.sbi (*)
2008-01-30 Includes\PUPSC.sbi (*)
2008-01-30 Includes\Revision.sbi (*)
2008-01-09 Includes\Security.sbi (*)
2008-01-30 Includes\SecurityC.sbi (*)
2008-01-23 Includes\Spybots.sbi (*)
2008-01-30 Includes\SpybotsC.sbi (*)
2007-11-06 Includes\Tracks.uti
2008-01-16 Includes\Trojans.sbi (*)
2008-01-30 Includes\TrojansC.sbi (*)
2008-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Hotfix (KB928366)
 / .NETFramework / 1.1: Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
 / Internet Explorer 6 / SP0: Correctif Windows XP - Article Base de Connaissances 834707
 / MSXML4SP2: FIX: ASP stops responding when calling Response.Redirect to another server using msxml4 sp2
 / MSXML4SP2: Security update for MSXML4 SP2 (KB936181)
 / Windows / SP1: Microsoft Internationalized Domain Names Mitigation APIs
 / Windows / SP1: Microsoft National Language Support Downlevel APIs
 / Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)
 / Windows Media Player 10: Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734)
 / Windows Media Player 11: Mise à jour de sécurité pour Lecteur Windows Media 11 (KB936782)
 / Windows Media Player 11: Correctif pour Lecteur Windows Media 11 (KB939683)
 / Windows Media Player 6.4: Mise à jour de sécurité pour Lecteur Windows Media 6.4 (KB925398)
 / Windows Media Player 9: Mise à jour de sécurité pour Lecteur Windows Media 9 (KB917734)
 / Windows XP: Mise à jour de sécurité pour Windows XP (KB923689)
 / Windows XP: Mise à jour de sécurité pour Windows XP (KB941569)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653)
 / Windows XP / SP0: Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615)
 / Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP
 / Windows XP / SP2: Windows XP Service Pack 2
 / Windows XP / SP3: Correctif Windows XP - KB873339
 / Windows XP / SP3: Correctif Windows XP - KB885835
 / Windows XP / SP3: Correctif Windows XP - KB885836
 / Windows XP / SP3: Correctif Windows XP - KB886185
 / Windows XP / SP3: Correctif Windows XP - KB887472
 / Windows XP / SP3: Correctif Windows XP - KB888302
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB890046)
 / Windows XP / SP3: Correctif Windows XP - KB890859
 / Windows XP / SP3: Correctif Windows XP - KB891781
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB893756)
 / Windows XP / SP3: Windows Installer 3.1 (KB893803)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB894391)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896358)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896423)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896424)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB896428)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899587)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899589)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB899591)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB900485)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB900725)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901017)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB901214)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB902400)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB904706)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB904942)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905414)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB905749)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB908519)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB908531)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB910437)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB911280)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911562)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911567)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB911927)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB912919)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB913580)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914388)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB914389)
 / Windows XP / SP3: Correctif pour Windows XP (KB914440)
 / Windows XP / SP3: Hotfix for Windows XP (KB915865)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB916595)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917344)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917422)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB917953)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918118)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918439)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB918899)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB919007)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920213)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920214)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920670)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920683)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB920685)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB920872)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921398)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921503)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB921883)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB922582)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922616)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922760)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB922819)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923191)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923414)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923694)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB923980)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924191)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924270)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924496)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB924667)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB925486)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB925902)
 / Windows XP / SP3: Hotfix for Windows XP (KB926239)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB926255)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB926436)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB927779)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB927802)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB927891)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB928255)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB928843)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB929123)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB929338)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB930178)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB930916)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB931261)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB931784)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB931836)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB932168)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB933360)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB933729)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB935839)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB935840)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB936021)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB936357)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB937894)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB938828)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB938829)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB941202)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB941568)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB941644)
 / Windows XP / SP3: Mise à jour pour Windows XP (KB942763)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB943460)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB943485)
 / Windows XP / SP3: Mise à jour de sécurité pour Windows XP (KB944653)


--- Startup entries list ---
Located: HK_LM:Run, !AVG Anti-Spyware
command: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
   file: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
   size: 6731312
    MD5: CC6BC45DD5A58158645E7FB2953604FE

Located: HK_LM:Run, Adobe Photo Downloader
command: "F:\photoshop\apdproxy.exe"
   file: F:\photoshop\apdproxy.exe
   size: 67488
    MD5: BCCB77572408155F984A02F9BFFDF225

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "E:\acrobat reader\Reader\Reader_sl.exe"
   file: E:\acrobat reader\Reader\Reader_sl.exe
   size: 39792
    MD5: E28D00EC675F5F5A5A0555E7A4523A6E

Located: HK_LM:Run, Ai Quicker Help
command: "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
   file: C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
   size: 3167232
    MD5: 675FACC565B3B2770DC53F40615F2969

Located: HK_LM:Run, avgnt
command: "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
   file: C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
   size: 249896
    MD5: 6E898F5959E7195D64594C30E9251938

Located: HK_LM:Run, DeltTray
command: DeltTray.exe
   file: C:\WINDOWS\system32\DeltTray.exe
   size: 56320
    MD5: D4DD44EEAEE3799C358DF987AA498B17

Located: HK_LM:Run, FaxCenterServer
command: "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
   file: C:\Program Files\Lexmark Fax Solutions\fm3032.exe
   size: 312240
    MD5: C88E78BE4D6A679F628AF206BF2C0FA6

Located: HK_LM:Run, ioCentre
command: C:\Genius\ioCentre\gTaskBar.exe
   file: C:\Genius\ioCentre\gTaskBar.exe
   size: 61440
    MD5: EDAA60D669EFE677ADC528D07023A0F1

Located: HK_LM:Run, iTunesHelper
command: "C:\Program Files\iTunes\iTunesHelper.exe"
   file: C:\Program Files\iTunes\iTunesHelper.exe
   size: 267048
    MD5: 020B109C1D515879C04A36D6BCA949B8

Located: HK_LM:Run, JMB36X Configure
command: C:\WINDOWS\system32\JMRaidTool.exe boot
   file: C:\WINDOWS\system32\JMRaidTool.exe
   size: 385024
    MD5: 41A7F947E4E72314A21A1605B8279E83

Located: HK_LM:Run, Launch PC Probe II
command: "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
   file: C:\Program Files\ASUS\PC Probe II\Probe2.exe
   size: 2045952
    MD5: 32A677AAA3115B94EEFF749F81A4EA54

Located: HK_LM:Run, lxddamon
command: "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
   file: C:\Program Files\Lexmark 2500 Series\lxddamon.exe
   size: 20480
    MD5: F4E6A9FD4CAE2A7DBF3936A81B84E7A4

Located: HK_LM:Run, LXDDCATS
command: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
   file: 
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_LM:Run, lxddmon.exe
command: "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
   file: C:\Program Files\Lexmark 2500 Series\lxddmon.exe
   size: 291760
    MD5: 61C3B58898F874FC87AF90354FB45F61

Located: HK_LM:Run, NeroFilterCheck
command: C:\WINDOWS\system32\NeroCheck.exe
   file: C:\WINDOWS\system32\NeroCheck.exe
   size: 155648
    MD5: 3E4C03CEFAD8DE135263236B61A49C90

Located: HK_LM:Run, NvCplDaemon
command: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
   file: 
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_LM:Run, NvMediaCenter
command: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
   file: 
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: HK_LM:Run, nwiz
command: nwiz.exe /install
   file: C:\WINDOWS\system32
wiz.exe
   size: 1626112
    MD5: A076032A29BE8C9591877A752EA3F705

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
   file: C:\Program Files\QuickTime\QTTask.exe
   size: 385024
    MD5: F89DA660C511652EE511FE3AB2F04BFC

Located: HK_LM:Run, RemoteControl
command: "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
   file: C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
   size: 32768
    MD5: 8FB740D758B14B1BC950CC347C21E461

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
   file: C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
   size: 132496
    MD5: D4F0F7437327DBAA264338BAAFB5E5AF

Located: HK_LM:Run, TkBellExe
command: "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
   file: C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
   size: 185896
    MD5: 1EDA1C63E0D2AE1AEBDF98083454079C

Located: HK_LM:Run, VTTimer
command: VTTimer.exe
   file: C:\WINDOWS\system32\VTTimer.exe
   size: 53248
    MD5: 09F1A97848BFAB3F36EB216681465B85

Located: HK_LM:Run, VTTrayp
command: VTtrayp.exe
   file: C:\WINDOWS\system32\VTtrayp.exe
   size: 163840
    MD5: EC9DD7D903EF1E91AF7088FDF82F8341

Located: HK_LM:Run, WOOWATCH
command: C:\PROGRA~1\Wanadoo\Watch.exe
   file: C:\PROGRA~1\Wanadoo\Watch.exe
   size: 20480
    MD5: 9A29592CD135F6262C429152F7A8DD4A

Located: HK_CU:Run, CTFMON.EXE
  where: .DEFAULT...
command: C:\WINDOWS\System32\CTFMON.EXE
   file: C:\WINDOWS\System32\CTFMON.EXE
   size: 15360
    MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, CTFMON.EXE
  where: S-1-5-19...
command: C:\WINDOWS\System32\CTFMON.EXE
   file: C:\WINDOWS\System32\CTFMON.EXE
   size: 15360
    MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, CTFMON.EXE
  where: S-1-5-20...
command: C:\WINDOWS\System32\CTFMON.EXE
   file: C:\WINDOWS\System32\CTFMON.EXE
   size: 15360
    MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, AlcoholAutomount
  where: S-1-5-21-861567501-1220945662-1801674531-1003...
command: "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
   file: C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe
   size: 222080
    MD5: 3BC0D4CDF9E7DE8E8AB3380A454CC818

Located: HK_CU:Run, ccleaner
  where: S-1-5-21-861567501-1220945662-1801674531-1003...
command: "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
   file: C:\Program Files\CCleaner\ccleaner.exe
   size: 816368
    MD5: 896AE27167E88DA1F6A13482D069D784

Located: HK_CU:Run, ctfmon.exe
  where: S-1-5-21-861567501-1220945662-1801674531-1003...
command: C:\WINDOWS\system32\ctfmon.exe
   file: C:\WINDOWS\system32\ctfmon.exe
   size: 15360
    MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, DAEMON Tools Lite
  where: S-1-5-21-861567501-1220945662-1801674531-1003...
command: "E:\deamon tool\DAEMON Tools Lite\daemon.exe"
   file: E:\deamon tool\DAEMON Tools Lite\daemon.exe
   size: 486856
    MD5: 86527BD9CDDCB84DC3117E098E6111ED

Located: HK_CU:Run, SpybotSD TeaTimer
  where: S-1-5-21-861567501-1220945662-1801674531-1003...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
   file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
   size: 1460560
    MD5: B7D4586BFC0DD6C3BE7DCCC252A3E97E

Located: HK_CU:Run, WOOKIT
  where: S-1-5-21-861567501-1220945662-1801674531-1003...
command: C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
   file: C:\PROGRA~1\Wanadoo\Shell.exe
   size: 122880
    MD5: 2BD5E1E68614DBC6B320597856ED6EA7

Located: HK_CU:Run, CTFMON.EXE
  where: S-1-5-18...
command: C:\WINDOWS\System32\CTFMON.EXE
   file: C:\WINDOWS\System32\CTFMON.EXE
   size: 15360
    MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: Démarrage (tous utilisateurs), ASUS WiFi-AP Solo.lnk
  where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
   file: C:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
   size: 995328
    MD5: 29632881A3F1973FACA3CFDAA259B238

Located: WinLogon, crypt32chain
command: crypt32.dll
   file: crypt32.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
   file: cryptnet.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
   file: cscdll.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
   file: sclgntfy.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
   file: WlNotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, WgaLogon
command: WgaLogon.dll
   file: WgaLogon.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
   file: wlnotify.dll
   size: 0
    MD5: D41D8CD98F00B204E9800998ECF8427E
         Warning: if the file is actually larger than 0 bytes,
         the checksum could not be properly calculated!



--- Browser helper object list ---
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (SSVHelper Class)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: SSVHelper Class
              Path: C:\Program Files\Java\jre1.6.0_03\bin\
         Long name:            ssv.dll
        Short name:                   
    Date (created): 14/12/2007 16:57:06
Date (last access): 30/01/2008 23:05:06
 Date (last write): 25/09/2007 01:11:34
          Filesize:             501136
        Attributes:           archive 
               MD5: D787E3123FAD2BD58AB45B9A5C360ACD
             CRC32:           DDC625C2
           Version:           6.0.30.5

{9030D464-4C02-4ABF-8ECC-5164760863C6} (Windows Live Sign-in Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Windows Live Sign-in Helper
              Path: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\
         Long name: WindowsLiveLogin.dll
        Short name:       WINDOW~1.DLL
    Date (created): 31/08/2006 20:33:06
Date (last access): 30/01/2008 23:05:06
 Date (last write): 31/08/2006 20:33:06
          Filesize:             322368
        Attributes:           archive 
               MD5: E43F7CFDEE2B00A22C96C168147B20D3
             CRC32:           2AEACC43
           Version:        4.100.313.1

{BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} (Windows Live Toolbar Helper)
          location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
          BHO name: 
        CLSID name: Windows Live Toolbar Helper
              Path: C:\Program Files\Windows Live Toolbar\
         Long name:          msntb.dll
        Short name:                   
    Date (created): 19/10/2007 11:20:48
Date (last access): 30/01/2008 23:32:32
 Date (last write): 19/10/2007 11:20:48
          Filesize:             546320
        Attributes:           archive 
               MD5: CEE1BE1DA21300208D07FBEAE9EA2B51
             CRC32:           12446524
           Version:          3.1.0.146



--- ActiveX list ---
{30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class)
          DPF name: 
        CLSID name: YInstStarter Class
         Installer: C:\Program Files\Yahoo!\Common\yinst.inf
          Codebase: C:\Program Files\Yahoo!\Common\yinsthelper.dll
              Path: C:\PROGRA~1\Yahoo!\Common\
         Long name:    yinsthelper.dll
        Short name:       YINSTH~1.DLL
    Date (created): 25/01/2008 16:48:58
Date (last access): 30/01/2008 22:49:56
 Date (last write): 30/07/2006 13:25:34
          Filesize:             188968
        Attributes:           archive 
               MD5: 18B54B53CEE0E7204495BAB864EBBF03
             CRC32:           6D72BB93
           Version:        2006.4.14.2

{4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool)
          DPF name: 
        CLSID name: MSN Photo Upload Tool
         Installer: C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf
          Codebase: http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
              Path: C:\WINDOWS\Downloaded Program Files\
         Long name:       MsnPUpld.dll
        Short name:                   
    Date (created): 20/06/2006 15:44:04
Date (last access): 30/01/2008 22:56:04
 Date (last write): 20/06/2006 15:44:04
          Filesize:             379704
        Attributes:           archive 
               MD5: D2FB109C3F0DAAAA4A73E5921656DB3E
             CRC32:           A13093E8
           Version:         10.0.913.0

{8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_03
         Installer: 
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
       description: Sun Java
    classification: Legitimate
    known filename: %PROGRAM FILES%\JabaSoft\JRE\*\Bin
pjava131.dll
         info link: 
       info source: Patrick M. Kolla
              Path: C:\Program Files\Java\jre1.6.0_03\bin\
         Long name:    npjpi160_03.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 24/09/2007 23:31:44
Date (last access): 30/01/2008 22:46:36
 Date (last write): 25/09/2007 01:11:34
          Filesize:             132496
        Attributes:           archive 
               MD5: D6A4682A6FF41832A3F1A7AB9AE08199
             CRC32:           9080B537
           Version:           6.0.30.5

{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
          DPF name: Java Runtime Environment 1.5.0
        CLSID name: Java Plug-in 1.5.0_08
         Installer: 
          Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_08-windows-i586.cab
              Path: C:\Program Files\Java\jre1.5.0_08\bin\
         Long name:    NPJPI150_08.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 26/07/2006 03:03:18
Date (last access): 30/01/2008 22:45:52
 Date (last write): 26/07/2006 03:17:56
          Filesize:              69746
        Attributes:           archive 
               MD5: C10D603F2BD3B0A2EAC4EC5B743430D3
             CRC32:           1EB99B36
           Version:           5.0.80.3

{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
          DPF name: Java Runtime Environment 1.5.0
        CLSID name: Java Plug-in 1.5.0_09
         Installer: 
          Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab
              Path: C:\Program Files\Java\jre1.5.0_09\bin\
         Long name:    NPJPI150_09.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 12/10/2006 03:10:58
Date (last access): 30/01/2008 22:46:00
 Date (last write): 12/10/2006 03:25:44
          Filesize:              69746
        Attributes:           archive 
               MD5: A3CDEB59B6B8C2EA81B9ED2D3EF4C95E
             CRC32:           2A32A9A2
           Version:           5.0.90.3

{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} (Java Runtime Environment 1.5.0)
          DPF name: Java Runtime Environment 1.5.0
        CLSID name: Java Plug-in 1.5.0_11
         Installer: 
          Codebase: http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab
              Path: C:\Program Files\Java\jre1.5.0_11\bin\
         Long name:    NPJPI150_11.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 15/12/2006 03:09:16
Date (last access): 30/01/2008 22:46:10
 Date (last write): 15/12/2006 03:23:26
          Filesize:              75528
        Attributes:           archive 
               MD5: 3B3F6984DBF972DAFF1B7E9C44E2FE75
             CRC32:           4BDE2041
           Version:          5.0.110.3

{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_01
         Installer: 
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
              Path: C:\Program Files\Java\jre1.6.0_01\bin\
         Long name:    npjpi160_01.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 14/03/2007 01:04:46
Date (last access): 30/01/2008 22:46:18
 Date (last write): 14/03/2007 02:43:42
          Filesize:             132760
        Attributes:           archive 
               MD5: F112FB2FD2EF66D439799E3F834DF000
             CRC32:           D2B09219
           Version:            6.0.0.6

{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_02
         Installer: 
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
              Path: C:\Program Files\Java\jre1.6.0_02\bin\
         Long name:    npjpi160_02.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 12/07/2007 01:22:38
Date (last access): 30/01/2008 22:46:26
 Date (last write): 12/07/2007 03:00:36
          Filesize:             132496
        Attributes:           archive 
               MD5: E3811F1A1C5063C941EC0E2766C3EA39
             CRC32:           AEFD3747
           Version:           6.0.20.6

{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_03
         Installer: 
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
              Path: C:\Program Files\Java\jre1.6.0_03\bin\
         Long name:    npjpi160_03.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 24/09/2007 23:31:44
Date (last access): 30/01/2008 23:55:52
 Date (last write): 25/09/2007 01:11:34
          Filesize:             132496
        Attributes:           archive 
               MD5: D6A4682A6FF41832A3F1A7AB9AE08199
             CRC32:           9080B537
           Version:           6.0.30.5

{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} (Java Runtime Environment 1.6.0)
          DPF name: Java Runtime Environment 1.6.0
        CLSID name: Java Plug-in 1.6.0_03
         Installer: 
          Codebase: http://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
              Path: C:\Program Files\Java\jre1.6.0_03\bin\
         Long name:    npjpi160_03.dll
        Short name:       NPJPI1~1.DLL
    Date (created): 24/09/2007 23:31:44
Date (last access): 30/01/2008 23:55:52
 Date (last write): 25/09/2007 01:11:34
          Filesize:             132496
        Attributes:           archive 
               MD5: D6A4682A6FF41832A3F1A7AB9AE08199
             CRC32:           9080B537
           Version:           6.0.30.5

{D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object)
          DPF name: 
        CLSID name: Shockwave Flash Object
         Installer: C:\WINDOWS\Downloaded Program Files\swflash.inf
          Codebase: http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
       description: Macromedia Shockwave Flash Player
    classification: Legitimate
    known filename: 
         info link: 
       info source: Patrick M. Kolla
              Path: C:\WINDOWS\system32\Macromed\Flash\
         Long name:        Flash9e.ocx
        Short name:                   
    Date (created): 21/11/2007 01:04:14
Date (last access): 30/01/2008 20:29:08
 Date (last write): 21/11/2007 01:04:14
          Filesize:            2987392
        Attributes:           archive 
               MD5: D3C50535C26190FEAD7785A03499C0AC
             CRC32:           A77C3E92
           Version:          9.0.115.0



--- Process list ---
PID:    0 (   0) [System]
PID:  684 (   0) \SystemRoot\System32\smss.exe
 size: 50688
PID:  732 (   0) \??\C:\WINDOWS\system32\csrss.exe
 size: 6144
PID:  756 (   0) \??\C:\WINDOWS\system32\winlogon.exe
 size: 506368
PID:  800 (   0) C:\WINDOWS\system32\services.exe
 size: 108544
  MD5: 63DCDE1A0D86EEB8924D6738FF616EAD
PID:  812 (   0) C:\WINDOWS\system32\lsass.exe
 size: 13312
  MD5: 259AF82A0932EEA4F316F92DB94707B6
PID:  980 (   0) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1048 (   0) C:\WINDOWS\system32\svchost.exe
 size: 14336
  MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1144 (   0) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1280 (   0) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1416 (   0) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1544 (   0) C:\WINDOWS\system32\spoolsv.exe
 size: 57856
  MD5: DA81EC57ACD4CDC3D4C51CF3D409AF9F
PID: 1664 (   0) C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
 size: 214056
  MD5: F640EA98231D7B1DB730385813BFCE79
PID: 1888 (   0) F:\photoshop\PhotoshopElementsFileAgent.exe
 size: 124832
  MD5: E8FE4FCE23D2809BD88BCC1D0F8408CE
PID:  196 (   0) C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
 size: 63016
  MD5: A6FA9C14E649B2F3DE15390A1840774D
PID:  240 (   0) C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
 size: 110592
  MD5: 3A4982DF893F198A2DFBCCD4CE10F93A
PID:  260 (   0) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
 size: 312880
  MD5: 5DCD235C061022BCDA9AA48670B64211
PID:  272 (   0) C:\WINDOWS\Explorer.EXE
 size: 1037312
  MD5: D0288319660EDCFED07C7E74C4EA38A5
PID:  356 (   0) C:\WINDOWS\System32\FTRTSVC.exe
 size: 40960
  MD5: D1261099E03EEE90976EA19002995B89
PID:  416 (   0) C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
 size: 53248
  MD5: 575ED0F5DCB34E5C243D2A7EBC860484
PID:  468 (   0) C:\WINDOWS\system32\lxddcoms.exe
 size: 537520
  MD5: 4B4C8980F8A9177ED2E8FA231BEB1866
PID:  568 (   0) C:\WINDOWS\system32
vsvc32.exe
 size: 163908
  MD5: 2D8305D4248C03AF9D93FFFFA486309B
PID:  588 (   0) C:\WINDOWS\system32\PnkBstrA.exe
 size: 66872
  MD5: 0E01D7EEBADA0B324DB0CA1EE73440BA
PID:  600 (   0) C:\WINDOWS\system32\PnkBstrB.exe
 size: 103736
  MD5: 1428E6CC1458A36CBFC1F2E304C7C42D
PID:  704 (   0) C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
 size: 1234480
  MD5: 7234E4B852F8FA0C48FF0E4FD7394490
PID: 1204 (   0) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
 size: 275968
  MD5: B1691AF4A072CB674D600DB16DD7308E
PID: 1176 (   0) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 1316 (   0) C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
 size: 49152
  MD5: 332D341D92B933600D41953B08360DFB
PID: 1764 (   0) C:\WINDOWS\system32\VTTimer.exe
 size: 53248
  MD5: 09F1A97848BFAB3F36EB216681465B85
PID:  332 (   0) C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
 size: 32768
  MD5: 8FB740D758B14B1BC950CC347C21E461
PID: 1184 (   0) C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
 size: 3167232
  MD5: 675FACC565B3B2770DC53F40615F2969
PID: 2116 (   0) C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
 size: 1967664
  MD5: A464B1F7249B9893AB3F08CDA55F18E5
PID: 2124 (   0) C:\Program Files\ASUS\PC Probe II\Probe2.exe
 size: 2045952
  MD5: 32A677AAA3115B94EEFF749F81A4EA54
PID: 2128 (   0) C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
 size: 208896
  MD5: 1212645A948944C705304AC188A162DA
PID: 2140 (   0) C:\WINDOWS\System32\alg.exe
 size: 44544
  MD5: B43CC0F07752D456038CD0268E4D84E9
PID: 2244 (   0) C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
 size: 185896
  MD5: 1EDA1C63E0D2AE1AEBDF98083454079C
PID: 2304 (   0) C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
 size: 249896
  MD5: 6E898F5959E7195D64594C30E9251938
PID: 2316 (   0) C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
 size: 132496
  MD5: D4F0F7437327DBAA264338BAAFB5E5AF
PID: 2376 (   0) C:\Program Files\Lexmark 2500 Series\lxddamon.exe
 size: 20480
  MD5: F4E6A9FD4CAE2A7DBF3936A81B84E7A4
PID: 2520 (   0) C:\WINDOWS\system32\RUNDLL32.EXE
 size: 33792
  MD5: CDD7140C0EAA754C527B983CCC9993CD
PID: 2628 (   0) C:\WINDOWS\system32\DeltTray.exe
 size: 56320
  MD5: D4DD44EEAEE3799C358DF987AA498B17
PID: 2748 (   0) C:\Program Files\iTunes\iTunesHelper.exe
 size: 267048
  MD5: 020B109C1D515879C04A36D6BCA949B8
PID: 2852 (   0) C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
 size: 6731312
  MD5: CC6BC45DD5A58158645E7FB2953604FE
PID: 2948 (   0) C:\WINDOWS\system32\ctfmon.exe
 size: 15360
  MD5: 64E41E8FEE655B03E3F19DED21BA5118
PID: 3028 (   0) C:\WINDOWS\System32\svchost.exe
 size: 14336
  MD5: 2979B03D5382A602623C0535B16AB9C0
PID: 3596 (   0) C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
 size: 1967664
  MD5: A464B1F7249B9893AB3F08CDA55F18E5
PID: 3804 (   0) E:\deamon tool\DAEMON Tools Lite\daemon.exe
 size: 486856
  MD5: 86527BD9CDDCB84DC3117E098E6111ED
PID: 4072 (   0) C:\Program Files\iPod\bin\iPodService.exe
 size: 504104
  MD5: E1BD28CA09EE8F30E8EDBD6C19F5579D
PID: 4092 (   0) C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
 size: 819200
  MD5: 5D17C66B5620142A06B7391BE20C0476
PID: 2100 (   0) C:\PROGRA~1\Wanadoo\ComComp.exe
 size: 249856
  MD5: 5D589D0436C4C2D285B3418E79E78A21
PID: 2732 (   0) C:\PROGRA~1\Wanadoo\Toaster.exe
 size: 69632
  MD5: C2D1BD2B433571ECEC29924ACE5D7C62
PID: 2828 (   0) C:\PROGRA~1\Wanadoo\Inactivity.exe
 size: 32768
  MD5: 5F6DBF75D05462EED92B42376E89D9FE
PID: 2876 (   0) C:\PROGRA~1\Wanadoo\PollingModule.exe
 size: 69632
  MD5: EDF02F58940FD56C12357D150F5397C0
PID: 2920 (   0) C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
 size: 45056
  MD5: 68E404DB5525373FE0554ED2607F0C82
PID: 3420 (   0) C:\PROGRA~1\Wanadoo\Watch.exe
 size: 20480
  MD5: 9A29592CD135F6262C429152F7A8DD4A
PID: 3440 (   0) C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
 size: 4943184
  MD5: C92780F50B8BB7A89E919585916494A9


--- Browser start & search pages list ---
Spybot - Search & Destroy browser pages report, 30/01/2008 23:55:52

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page
  C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page
  http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page
  http://runonce.msn.com/?v=msgrv75
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl\@
  https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page
  %SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page
  https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page
  about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL
  https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL
  https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant
  https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch
  https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm


--- Winsock Layered Service Provider list ---


--- Uninstall list ---
Ableton Live v5.0.3  (Ableton Live v5.0.3)
   uninstall cmd: E:\LIVE50~1.3\UNWISE.EXE E:\LIVE50~1.3\INSTALL.LOG

  (AddressBook)

Adobe Flash Player ActiveX 9.0.115.0 (Adobe Flash Player ActiveX)
   uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
       publisher: Adobe Systems Incorporated
       help link: https://helpx.adobe.com/flash-player.html

Adobe Flash Player Plugin 9.0.47.0 (Adobe Flash Player Plugin)
   uninstall cmd: C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
       publisher: Adobe Systems Incorporated

Adobe Photoshop Elements 6.0 6.0 (Adobe Photoshop Elements 6)
         version: 5
 version (major): 5
install location: F:\photoshop\
   uninstall cmd: msiexec /I {F54AC413-D2C6-4A24-B324-370C223C6250}
       publisher: Adobe Systems Inc.
         contact: Customer Support Department
       help link: https://helpx.adobe.com/support.html

AKAI professional DCVocoder 1.0  (AKAI professional DCVocoder 1.0)
   uninstall cmd: C:\WINDOWS\IsUninst.exe -f"C:\Program Files\AKAI professional M.I. Corp.\AKAI professional DCVocoder\UninstDCVocoder.isu"

Alcohol Toolbar 3.2.0.0 (Alcohol Toolbar)
 version (major): 1
 version (minor): 9
install location: C:\Program Files\Alcohol Toolbar
   uninstall cmd: "C:\WINDOWS\Alcohol_Toolbar_Uninstaller_4750.exe"  _?=C:\Program Files\Alcohol Toolbar

Avira AntiVir PersonalEdition Classic  (AntiVir PersonalEdition Classic)
   uninstall cmd: C:\Program Files\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
       publisher: Avira GmbH
       help link: http://www.avira.com/classic-support

Aphro-V1 DX Plug-in  (Aphro-V1 DX Plug-in)
   uninstall cmd: C:\WINDOWS\IsUninst.exe -f"g:\program yan\Uninst.isu"

AVG Anti-Spyware 7.5  (AVGAntiSpyware75)
install location: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5
   uninstall cmd: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\Uninstall.exe
       publisher: Grisoft Ltd.
       help link: https://www.avg.com/fr-fr/homepage

  (Branding)

CCleaner (remove only)  (CCleaner)
   uninstall cmd: "C:\Program Files\CCleaner\uninst.exe"

  (Connection Manager)

  (DirectAnimation)

  (DirectDrawEx)

  (DXM_Runtime)

  (Fontcore)

Navigateur Orange  (FranceTelecomUninstall_FTBrowser)
install location: C:\PROGRA~1\Wanadoo\WOOBrowser
   uninstall cmd: C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl

Free Mp3 Wma Converter V 1.5.1  (Free Mp3 Wma Converter_is1)
install location: G:\setup\Free Audio Pack\
   uninstall cmd: "G:\setup\Free Audio Pack\unins000.exe"
       publisher: Renan Broquin
       help link: http://koyotstar.free.fr

Gestionnaire Internet  (GestionnaireInternet.exe)
   uninstall cmd: C:\PROGRA~1\Wanadoo\uninstall.exe

Google Video Player  (GoogleVideoPlayer)
   uninstall cmd: "G:\googleVideo\Google Video Player\Uninstall.exe"

Helix YUV Codecs (remove only)  (HelixYUVCodecs)
   uninstall cmd: "C:\WINDOWS\system32\uninstHelixYUV.exe"

HijackThis 2.0.2 2.0.2 (HijackThis)
   uninstall cmd: "C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
       publisher: TrendMicro

  (ICW)

Microsoft Internationalized Domain Names Mitigation APIs  (IDNMitigationAPIs)
    install date: 20061205
   uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation

  (IE40)

  (IE4Data)

  (IE5BAKEX)

Windows Internet Explorer 7 20061107.210142 (ie7)
    install date: 20061205
   uninstall cmd: "C:\WINDOWS\ie7\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/office/internet-explorer-help-23360e49-9cd3-4dda-ba52-705336cc0de2?ui=en-US&rs=en-001&ad=US

  (IEData)

  (InstallShield Uninstall Information)

VIA Platform Device Manager 1.13 (InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169})
         version: 17629184
 version (major): 1
 version (minor): 13
    install date: 20060909
  install source: D:\Drivers\Chipset\VIA4in1\
   uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169} 
       publisher: VIA Technologies, Inc.
        comments: VIA Hyperion Pro Setup Program
         contact: http://forums.viaarena.com/
       help link: http://www.viaarena.com/
  help telephone: NULL
          readme: NULL

Norton PartitionMagic 8.0 8.05.000 (InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502})
         version: 134545408
 version (major): 8
 version (minor): 5
  estimated size: 43533
    install date: 20071209
install location: G:\partition mag\partition magic soft\
  install source: D:\Setup\
   uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{21DBBDD6-93A5-4326-9A04-C9A5C9148502} 
       publisher: Symantec
        comments: Symantec Inc.
         contact: Customer Support Department
       help link: https://support.broadcom.com/security
  help telephone: 1-801-226-6834
          readme: Readme.txt

Far Cry 1.00.0000 (InstallShield_{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC})
         version: 16777216
 version (major): 1
  estimated size: 3150744
    install date: 20080126
install location: E:\far cry\
  install source: D:\
   uninstall cmd: C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{D6DBDC2A-E72C-4284-B6AD-6B3B61B4DABC} /l1036 
       publisher: Nom de votre société

  (KB884016)

  (KB884267)

  (KB885353)

  (KB886612)

  (KB887078)

  (KB887626)

  (KB888656)

  (KB889858)

  (KB891122)

Windows Genuine Advantage Validation Tool (KB892130)  (KB892130)
    install date: 20070922
       publisher: Microsoft Corporation
       help link: https://www.microsoft.com/en-us/howtotell/default.aspx

  (KB892313)

  (KB893240)

  (KB893241)

  (KB893803)

  (KB895181)

  (KB895316)

  (KB895572)

  (KB897586)

  (KB898549)

  (KB900399)

  (KB902344)

  (KB907658)

  (KB911565)

  (KB911854)

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB928090) 20070117.120000 (KB928090-IE7)
    install date: 20070217
   uninstall cmd: "C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/928090

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB929969) 20061222.120000 (KB929969)
    install date: 20070110
   uninstall cmd: "C:\WINDOWS\ie7updates\KB929969\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/929969

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB931768) 1 (KB931768-IE7)
    install date: 20070525
   uninstall cmd: "C:\WINDOWS\ie7updates\KB931768-IE7\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/931768

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB933566) 1 (KB933566-IE7)
    install date: 20070615
   uninstall cmd: "C:\WINDOWS\ie7updates\KB933566-IE7\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/933566/ms07-033-cumulative-security-update-for-internet-explorer

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB937143) 1 (KB937143-IE7)
    install date: 20070815
   uninstall cmd: "C:\WINDOWS\ie7updates\KB937143-IE7\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/937143/ms07-045-cumulative-security-update-for-internet-explorer

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB938127) 1 (KB938127-IE7)
    install date: 20070815
   uninstall cmd: "C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/938127

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB939653) 1 (KB939653-IE7)
    install date: 20071027
   uninstall cmd: "C:\WINDOWS\ie7updates\KB939653-IE7\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/939653

Mise à jour de sécurité pour Windows Internet Explorer 7 (KB942615) 1 (KB942615-IE7)
    install date: 20071212
   uninstall cmd: "C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/942615

KORG Legacy Collection v1.1.3   (KORG Legacy Collection v1.1.3 )
   uninstall cmd: E:\PROGRA~1\KORGLE~1.3-H\KORG\KORGLE~1\UNWISE.EXE E:\PROGRA~1\KORGLE~1.3-H\KORG\KORGLE~1\INSTALL.LOG

Lexmark 2500 Series  (Lexmark 2500 Series)
   uninstall cmd: C:\Program Files\Lexmark 2500 Series\Install\x86\Uninst.exe
       publisher: Lexmark International, Inc.
       help link: http://support.lexmark.com/index?page=productSelection&channel=supportAndDownloads&locale=en&userlocale=EN_US

Solutions de télécopie Lexmark  (Lexmark Fax Solutions)
   uninstall cmd: C:\Program Files\Lexmark Fax Solutions\Install\x86\Uninst.exe /R:faxunst
       help link: http://support.lexmark.com/index?page=productSelection&channel=supportAndDownloads&locale=en&userlocale=EN_US

L&H TTS3000 Français  (LHTTSFRF)
   uninstall cmd: RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSFRF.inf, Uninstall

Microsoft .NET Framework 1.1 Hotfix (KB928366)  (M928366)
   uninstall cmd: "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"

Magic ISO Maker v5.4 (build 0245)  (Magic ISO Maker v5.4 (build 0245))
   uninstall cmd: G:\PARTIT~1\MAGICI~1.KEY\MagicISO\UNWISE.EXE G:\PARTIT~1\MAGICI~1.KEY\MagicISO\INSTALL.LOG

Mercury 1  (Mercury 1)
   uninstall cmd: E:\PROGRA~1\TCWorks\Mercury\UNWISE.EXE E:\PROGRA~1\TCWorks\Mercury\INSTALL.LOG

Microsoft .NET Framework 1.1  (Microsoft .NET Framework 1.1  (1033))
   uninstall cmd: msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
          readme: file://C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\1033\RepairRedist.htm

  (Microsoft NetShow Player 2.0)

  (MobileOptionPack)

Mozilla Firefox (2.0.0.11) 2.0.0.11 (fr) (Mozilla Firefox (2.0.0.11))
install location: E:\fire-fox navigateur
   uninstall cmd: E:\fire-fox navigateur\uninstall\helper.exe
       publisher: Mozilla
        comments: Mozilla Firefox

  (MPlayer2)

Microsoft Compression Client Pack 1.0 for Windows XP 1 (MSCompPackV1)
    install date: 20061224
   uninstall cmd: "C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation
       help link: https://www.microsoft.com/fr-fr/?ref=go

  (MSI30-Beta1)

  (MSI30-Beta2)

  (MSI30-KB884016)

  (MSI30-RC1)

  (MSI30-RC2)

  (MSI30a-KB884016)

  (MSI31-Beta)

  (MSI31-RC1)

  (Nero - Burning Rom!UninstallKey)
   uninstall cmd: E:\Nero-Gravure
ero\uninstall\UNNERO.exe /UNINSTALL

Nero Suite  (NeroMultiInstaller!UninstallKey)
   uninstall cmd: C:\Program Files\Fichiers communs\Nero\Uninstall\Setupx.exe /uninstall ExtraUninstallID=""

  (NetMeeting)

Microsoft National Language Support Downlevel APIs  (NLSDownlevelMapping)
    install date: 20061205
   uninstall cmd: "C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
       publisher: Microsoft Corporation

Nuendo Dolby Digital Encoder 1.01  (Nuendo Dolby Digital Encoder 1.01)
   uninstall cmd: C:\PROGRA~1\SPECTR~1\UNINST~1\NUENDO~1\UNWISE.EXE C:\PROGRA~1\SPECTR~1\UNINST~1\NUENDO~1\INSTALL.LOG

NVIDIA Drivers  (NVIDIA Drivers)
   uninstall cmd: C:\WINDOWS\system32
vudisp.exe UninstallGUI

  (OutlookExpress)

  (PCHealth)
   uninstall cmd: rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

PowerISO  (PowerISO)
   uninstall cmd: "F:\power iso\PowerISO\uninstall.exe"

PSP Nitro VST and DX 1.0  (PSP_Nitro)
   uninstall cmd: C:\WINDOWS\iun6002.exe "G:\program yan\irunin.ini"

  (RealJukebox 1.0)
   uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0

RealPlayer  (RealPlayer 6.0)
   uninstall cmd: C:\Program Files\Fichiers communs\Real\Update_OB1puninst.exe RealNetworks|RealPlayer|6.0

Riva FLV Encoder 2.0 2.00.0004 (Riva FLV Encoder 2.0_is1)
install location: G:iva encoder\Riva FLV Encoder 2.0\
   uninstall cmd: "G:iva encoder\Riva FLV Encoder 2.0\unins000.exe"
       publisher: Rothenberger & Partner
       help link: http://www.rivavx.de

  (SchedulingAgent)

Shockwave  (Shockwave)
   uninstall cmd: C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

 9.0.115.0 (ShockwaveFlash)

Sinus Peak Compressor v2.5 VST  (Sinus Peak Compressor v2.5 VST)
   uninstall cmd: E:\PROGRA~1\emagic\LOGIC5~1\VSTPLU~1\Sinus\PEAKCO~1\UNWISE.EXE E:\PROGRA~1\emagic\LOGIC5~1\VSTPLU~1\Sinus\PEAKCO~1\INSTALL.LOG

SpywareBlaster v3.5.1 3.5.1 (SpywareBlaster_is1)
install location: C:\Program Files\SpywareBlaster\
   uninstall cmd: "C:\Program Files\SpywareBlaster\unins000.exe"
       publisher: Javacool Software LLC

LeTraducteur  (ST4UNST #1)
   uninstall cmd: C:\WINDOWS\ST4UNST.EXE -n "C:\Language\Fran-Ang.4-9\ST4UNST.LOG" 

VideoLAN VLC media player 0.8.4a 0.8.4a (VLC media player)
   uninstall cmd: E:\VLC\uninstall.exe
       publisher: VideoLAN Team

VIA Rhine-Family Fast Ethernet Adapter  (VN_VUIns_Rhine_VIA)
   uninstall cmd: Rundll32.exe vuins32.dll,vuins32Ex $Rhine $VIA

Wave Arts Power Suite 4.08 (Wave Arts Power Suite)
   uninstall cmd: C:\PROGRA~1\WAVEAR~1\POWERS~1\UNWISE.EXE C:\PROGRA~1\WAVEAR~1\POWERS~1\INSTAL~1.LOG
       publisher: Wave Arts, Inc.
       help link: https://wavearts.com/support/
  help telephone: +1 (781) 646-3794

Windows Genuine Advantage Validation Tool (KB892130) 1.7.0059.1 (WGA)
    install date: 20061015
       publisher: Microsoft Corporation
       help link: https://www.microsoft.com/en-us/howtotell/default.aspx

Windows Genuine Advantage Notifications (KB905474) 1.7.0018.7 (WgaNotify)
    install date: 20070302
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/905474

Windows Live Toolbar 03.01.0146 (Windows Live Toolbar)
   uninstall cmd: "C:\Program Files\Windows Live Toolbar\UnInstall.exe" {0A8C97AD-DEED-4894-B446-3ABA95A77D0D}
       publisher: Microsoft Corporation

Windows Media Format 11 runtime  (Windows Media Format Runtime)
   uninstall cmd: "C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
       help link: https://support.microsoft.com/en-us

Lecteur Windows Media 11  (Windows Media Player)
   uninstall cmd: "C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows XP Service Pack 2 20040819.151636 (Windows XP Service Pack)
   uninstall cmd: C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe
       publisher: Microsoft Corporation
       help link: https://support.microsoft.com/en-us/help/811113

Archiveur WinRAR  (WinRAR archiver)
   uninstall cmd: C:\Program Files\WinRAR\uninstall.exe

  (WMCSetup)

Windows Media Format 11 runtime  (WMFDist11)
    install date: 20061224
   uninstall cmd: "C:\WINDOWS\$NtUninstallWMFDi

g!rly · Answer

re,

je vais pas tarder...

t´as t-il detecté des fichiers infectés et lesquels ?

@+

Harry Seldon · Answer

non; aucun fichier détecté comme suspect.

g!rly · Answer

ok

c´est bizar qu´il te fasse ramer la connection?!

c´est seulement sur ccm ou en general?

@+

Harry Seldon · Answer

je te demandé à mon message precedent  que dois je faire de spybot?  ma navigation et tres alléatoire ca rame de plus en plus et il m'est difficile d'accéder au forum et d'un coup ca retrace  quand je deconnecte et reconnecte, ca c'est agravé depuis l'installation de spybot, mais le problème est present depuis quelques heures avant.

Harry Seldon · Answer

non c'est toute ma navigation qui rame pas seulement ccm!
ps: excuse moi pour le message, je pensé que tu n'avais pas tout lu (il est tard)lol!

g!rly · Answer

re,

oui j´ai bien lu ce que tu m´avais ecrit...

spybot dispose du tea timer (resident) qui controle les entrées bho mais ca ne joue pas tant que ca sur la connection...

fais ce qui est stipulé ici par ninix pour kerio :

Le samedi 25 mars 2006 à 12:32, par NiNiX

http://www.libellules.ch/dotclear/index.php?2005/12/26/719-sunbelt-kerio-firewall

tu me dira demain si ca a amélioré la situation...

je vais me coucher...

@+

Harry Seldon · Answer

ok merci beaucoup g!rly! repose toi bien.
 à demain

g!rly · Answer

Merci ,-)
@+

Harry Seldon · Answer

ha déjà je n'ai pas du telecharger la bonne version car moi j'ai sunbelt personal firewall

Harry Seldon · Answer

je viens d'installer kerio firewall et de suivre tes dernières instructions, ca marche beaucoup mieux quand il sagit d'ouvrir firefox et de faire une recherche avec google; mais  ca rame enormement  sur des liens comme myspace ou ccm!! on reparlera de ca demain...
 bonne nuit.

Harry Seldon · Answer

salut G!rly, et Bonjour à tous; 
donc cette nuit j'ai installé  Sunbelt kerio Personal Firewall et je l'ai configuré à l'aide de tutoriel; mais il y à un problème de navigation.
 quand je souhaite entrer dans des sites y compris ici, j'ai souvent ce message: not found ou la page demandé n'existe plus mais c'est tres alléatoire.
je me demande si j'ai pas trops de chose installé ? AVG antispyware, antivir , spybot (+ le bouclier resident qui se met route à chaque demarrage et que je suis obligé de couper sinon ca rame encore plus), spywareblaster et enfin le pare feu.

g!rly · Answer

salut,

c´est bien embetant ces histoires de navigation...

desinstale avg pour voir.

note : sur ma machine j´ai antivir kerio spybot / tea timer ( resident) spyware blaster, spyware garde et ca ne rame pas...

dis moi quoi

@+

Harry Seldon · Answer

En fait,' j'etais un peu pressé et avant de recevoir ton dernier message j'ai desinstallé spybot et d'un coup plus de probleme (pour aujourd'hui ! a suivre...) 
j'enverrai un message demain pour te tenir au courant de la situation, mais visiblement ca marche mieux comme ca. Tu me dira si il est preferable de reinstaller spybot et sortir a la place avg.
 bonne nuit G!rly et encore merci.

g!rly · Answer

salut harry,

bon,  voyons ce que ca donne...

bonne soirée 

@+

Harry Seldon · Answer

bonsoir G!rly!
 Alors; 
 il y a du mieux avec firefox, c'est même très bien,
 il y a juste quelques bug sur le forum CCM mais "je ne pense pas" que ça vienne de chez moi !??
 Par contre,  impossible de naviguer avec IE; et ça,  c'est très embêtant  pour les mises à jour de windows update.
 Il y a une chose qui a dû m'échapper dans le paramétrage du pare feu Kerio.
à noté, j'ai ouvert un autre post :
 (  http://www.commentcamarche.net/forum/affich 4601587 vie prive?page=2#23  ) 
 et c'est seulement après avoir suivi les dernières instructions de papyber que j'ai découvert le problème de navigation avec internet explorer,je ne sais pas si ça peut être lié;
 je préfère te le dire. 
Serais tu ok pour jeter un coup d'oeil dans  mon pc avec un logiciel du genre VNC ?

g!rly · Answer

salut harry,

oui c´est pas genial ce qui ce passe avec ie...

je ne fais pas d´aide avec des logiciels type vnc.

on va essayer comme ceci :

fais ce qui est indiqué ici :

http://www.laboratoire-microsoft.org/t/1521/

ps : il se peut qu´il te demande de mettre ton cd d´installation dans le lecteur...

dis moi quoi

@+

Harry Seldon · Answer

Re,
voici ce que j'ai fais:
j'ai utilisé zeb restore, au moment de la restauration et j'ai reçu ce message: 
 " erreur d'execution 75". erreur dans le chemin d'accès(je n'ai pas trouver la solution).
depuis IE c'est remis à fonctionner.

Très souvent quand je clique sur un lien, il s'affiche une page avec une image ou not found (avec Firefox et IE);
 il faut revenir plusieurs fois à la page précédente et re-cliquer sur le lien jusqu'a que ça marche.
en tout cas j'ai surement plus virus?

g!rly · Answer

re,

ok pour zeb restore...

tu peux mieux expliquer quelles images tu voie quand il y a bug?

je ne pensse pas que tu soie encore infecté, antivir lors du scan a detecté des parties des logiciels que l´on avait utilisés pour supprimer les fichiers infectés sur ton pc

@+

Harry Seldon · Answer

il s'affiche une petite image de livre, drapeau ou autre (par exemple sur CCM ce sont les icônes du site :  http://www.commentcamarche.net/template/blocs/bloc_23/pic_03.jpg )   en haut a gauche de la page, comme si il y avais une erreur sur l'adresse des liens.

g!rly · Answer

re,

peux tu reposter un hijack this stp

arrives tu a faire les mises a jour windows avec ie?
 
@+

Harry Seldon · Answer

re,
non je n'arrive plus a faire de mise à jour windows.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:47:49, on 02/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
F:\photoshop\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Wanadoo\ComComp.exe
C:\Program Files\Wanadoo\Watch.exe
E:\fire-fox navigateur\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\acrobat reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\photoshop\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\deamon tool\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - F:\photoshop\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: lxdd_device -   - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

g!rly · Answer

re,

pour les mises a jour windows :

téléchargé le programme suivant:Dial-a-fix v0.60.0.24.
1. Pour télécharger la dernière version de ce programme, rend toi à cette adresse:
http://djlizard.net/software/Dial-a-fix-v0.60.0.24.zip
2. Une fenêtre intitulée "Téléchargement de fichiers" te demandera si tu veux exécuter ou enregistrer le fichier, clique sur "Enregistrer".
3. Dans la nouvelle fenêtre clique dans la colonne à gauche sur "Bureau" puis "enregistrez sous" en bas à droite.
4. Une fois le programme téléchargé, ferme ton navigateur et fait un clic droit sur le dossier "Dial-a-fix" présent sur ton bureau.
5. Clique sur "Extraire ici" ou "Extraire tout" puis "Suivant" , "Suivant" et "Terminer", un dossier nommé " Dial-a-fix " est alors créé.
6. Double clique sur le dossier " Dial-a-fix " puis sur le fichier " Dial-a-fix.exe "
NB: Il est possible que juste avant cela tu obtiene une fenêtre t'indiquant que des problèmes ont été détectés. Décoche alors la case "Hide disabled", puis clique sur "Remove" et sur "Close".
7. Dans la fenêtre principale, clique sur le bouton vert pour tout cocher. Clique ensuite sur "GO" et laisse le logiciel travailler. Chaque action en cours est soulignée et une fois terminée elle se décoche automatiquement.
8. Clique enfin sur le bouton "Flush SoftwareDistribution".
Une fois la réparation terminée, ferme la fenêtre et redémarre l'ordinateur.
9. Relance ensuite Windows Update.

pour le reste on verra apres

@+

g!rly · Answer

Edit ::

Puis,
Fais analyser ceci sur virus total :
C:\WINDOWS\system32\lxddcoms.exe

Virus total :
https://www.virustotal.com/gui/

et post le resultat ici 

@+

Harry Seldon · Answer

ok! les mises à jour windows sont possible maintenant (aucune de disponible)
pour le scan du fichier, 
je ne sais pas si je dois t'envoyer le lien ou si je fais un copier/coller. voici les deux : http://www.virustotal.com/fr/analisis/529e78effad5cd6f281a269b2bef057a 

Antivirus 	Version 	Dernière mise à jour 	Résultat
AhnLab-V3 	2008.2.3.10 	2008.02.02 	-
AntiVir 	7.6.0.61 	2008.02.01 	-
Authentium 	4.93.8 	2008.02.01 	-
Avast 	4.7.1098.0 	2008.02.02 	-
AVG 	7.5.0.516 	2008.02.02 	-
BitDefender 	7.2 	2008.02.02 	-
CAT-QuickHeal 	9.00 	2008.02.01 	-
ClamAV 	0.92 	2008.02.02 	-
DrWeb 	4.44.0.09170 	2008.02.02 	-
eSafe 	7.0.15.0 	2008.01.28 	-
eTrust-Vet 	31.3.5504 	2008.02.01 	-
Ewido 	4.0 	2008.02.02 	-
FileAdvisor 	1 	2008.02.02 	-
Fortinet 	3.14.0.0 	2008.02.02 	-
F-Prot 	4.4.2.54 	2008.02.01 	-
F-Secure 	6.70.13260.0 	2008.02.01 	-
Ikarus 	T3.1.1.20 	2008.02.02 	-
Kaspersky 	7.0.0.125 	2008.02.02 	-
McAfee 	5221 	2008.02.01 	-
Microsoft 	1.3204 	2008.02.02 	-
NOD32v2 	2845 	2008.02.02 	-
Norman 	5.80.02 	2008.02.01 	-
Panda 	9.0.0.4 	2008.02.02 	-
Prevx1 	V2 	2008.02.02 	Heuristic: Suspicious File With Bad Child Associations
Rising 	20.29.22.00 	2008.01.30 	-
Sophos 	4.26.0 	2008.02.02 	-
Sunbelt 	2.2.907.0 	2008.02.02 	-
Symantec 	10 	2008.02.02 	-
TheHacker 	6.2.9.206 	2008.02.02 	-
VBA32 	3.12.6.0 	2008.02.02 	-
VirusBuster 	4.3.26:9 	2008.02.02 	-
Webwasher-Gateway 	6.6.2 	2008.02.02 	-
Information additionnelle
File size: 537520 bytes
MD5: 4b4c8980f8a9177ed2e8fa231beb1866
SHA1: f484e08742161594785dd0485bfc20842ad05e7e
PEiD: -
Prevx info: http://info.prevx.com/aboutprogramtext.asp?PX5=0EB81DE9B08E2C5133DD085CC2DE8500F7E2A01B

g!rly · Answer

re,

ca donne quoi Dial-a-fix ?

je vais m´absenter...

tu me diras demain.

bonne soirée

@+

Harry Seldon · Answer

dial fix a marché pour les mises à jour windows. 
tu as bien reçu le dernier rapport de VIRUS TOTAL?
bonne soirée et encore merci de ton aide g!rly .

g!rly · Answer

re,

cool pour dial fix ;-)

pour virus total, oui j´ai vu le resultat...

peux tu faire ceci pour voir :

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.
   
   Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

   http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

@+

Harry Seldon · Answer

bonjour,
le lien pour telecharger clean ne fonctionne pas (erreur de chargement de la page ), la premiere fois que j'ai cliqué dessus antivir a détecté 2 virus et les a mis en quarantaine. sur la feuille de telechargement de firefox le download a échoué et quand je le reprends antivir redetecte deux virus, comme pour ComboFix. faut-il que je modifie l'heuristique de mon antivirus pour qu'il soit moins sensible?

g!rly · Answer

re,

le lien fonctionne mais c´est vrai qu´antivir ne l´aime pas beaucoup...

telecharge le en fesant ignorer quand antivir le detecte puis une fois que l´archive est sur ton bureau...

deconnecte toi du net arrete la guard d´antivir ( double click sur l´icone d´antivir > la fenetre d´antivir va s´afficher> sur la premiere ligne en fasse de antivir guard click sur desactivate ) et -> Dézippe tout le contenu de clean.zip dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, sauvegarde le en vu de l´envoyer ici 

remet la guard d´antivir et reconnect toi au net et post le rapport de clean ici 

@+

Harry Seldon · Answer

bonsoir G!rly dsl pour le retard mais ça m'a pris du temps pour comprendre où se trouve le rapport du nouveau scan et ça fais une demi heure que je n'arrive pas a me connecter au forum.
voici le rapport:
 03/02/2008 a 19:35:09,37 
 
*** Recherche des fichiers dans C: 
 
*** Recherche des fichiers dans C:\WINDOWS\ 
 
*** Recherche des fichiers dans C:\WINDOWS\system32

Harry Seldon · Answer

Re,
bizarre, 
je suis connecté à internet alors que je n'ai  pas encore mis le code d'accés et déclenché la connection sur le gestionnaire internet d'orange.et, quand j'arrete le pc le gestionnaire de tâche me dit"  lxddmon.exe ne repond pas ----terminer maintenant." 
Tu as trouvé quelque chose dans  les rapports d'analyse que j'ai envoyé hier et aujourd'hui?

Harry Seldon · Answer

Excuse moi, ma mémoire n'a pas était bonne, le gestionnaire de tâches me dis " SESSION CONTROLER LXDD (ne répond pas) --Terminer maintenant.

à ++

g!rly · Answer

salut,

c´est le fichier que l´on a fait analyser sur virus total...

on va le supprimer :

1°- « Démarrer » > « Executer » > taper cmd > valide par ok

sc stop "lxdd_device" ==> [Enter]
sc config "lxdd_device" start= disabled ==> [Enter]

2°- Redémarre MSE .Choisis ton compte usuel, et non Administrateur.

3°- « Démarrer » > « Executer » > taper cmd > valide par ok

sc delete "lxdd_device" ==> [Enter] 

Comment redémarrer en mode sans echec? 

   Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
   Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
   capture d´ecran : http://www.coupdepoucepc.com/images_cdppc4/fichespratiques/windowsxp/modese/modese2.jpg
   Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
   Ps : si F8 ne marche pas utilise la touche F5.

dis moi quoi 

@+

Harry Seldon · Answer

salut G!rly!
j'ai un probleme pour demarrer en mode sans echec je tape F8 ensuite je dois choisir quoi?
voici ce qu'il m'est proposé:
-REMOVABLE
-HARD DISK
-CDROM
-LEGACY LAN

Harry Seldon · Answer

que veux dire  - Redémarre MSE? dsl
la manip que tu veux que je fasse pour supprimer LXDD.exe c'est bien en mode sans echec ou c'est avant de redemarrer en mode sans echec?

g!rly · Answer

re,

mse veux dire mode sans echec.

regarde comment faire en bas de cette page :

http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm

@+

Harry Seldon · Answer

ok ça c'est bien passé.
je fais quoi?

g!rly · Answer

repost un hijack this stp
@+

Harry Seldon · Answer

re,

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:31:46, on 04/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
F:\photoshop\PhotoshopElementsFileAgent.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrB.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\VTTimer.exe
C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Lexmark 2500 Series\lxddamon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Program Files\iTunes\iTunesHelper.exe
F:\photoshop\apdproxy.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
E:\deamon tool\DAEMON Tools Lite\daemon.exe
C:\Program Files\Microsoft Encarta\Collection Encarta 2004\EDICT.EXE
C:\PROGRA~1\Wanadoo\GestionnaireInternet.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\Wanadoo\ComComp.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Wanadoo\Toaster.exe
C:\PROGRA~1\Wanadoo\Inactivity.exe
C:\PROGRA~1\Wanadoo\PollingModule.exe
C:\WINDOWS\System32\ALERTM~1\ALERTM~1.EXE
C:\PROGRA~1\Wanadoo\Watch.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTeK\ASUSDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [Launch PC Probe II] "C:\Program Files\ASUS\PC Probe II\Probe2.exe" 1
O4 - HKLM\..\Run: [WOOWATCH] C:\PROGRA~1\Wanadoo\Watch.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OBealsched.exe"  -osboot
O4 - HKLM\..\Run: [JMB36X Configure] C:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [lxddmon.exe] "C:\Program Files\Lexmark 2500 Series\lxddmon.exe"
O4 - HKLM\..\Run: [lxddamon] "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "E:\acrobat reader\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ioCentre] C:\Genius\ioCentre\gTaskBar.exe
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "F:\photoshop\apdproxy.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [WOOKIT] C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [DAEMON Tools Lite] "E:\deamon tool\DAEMON Tools Lite\daemon.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Organise-notes - {9455301C-CF6B-11D3-A266-00C04F689C50} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Researcher\EROPROJ.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - https://www.orange.fr/portail (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx1.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - F:\photoshop\PhotoshopElementsFileAgent.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe

g!rly · Answer

re,

le service a bien ete supprimé...

comment va ton surf maintenant?

toujours des pepins?

@+

Harry Seldon · Answer

oui toujours,
ça rame, et ensuite la page ne s'affiche pas il faut actualiser plusieurs fois avant de l'atteindre, comme toujours c'est tres alléatoire parfois ca marche bien !!

g!rly · Answer

intrernet explorer y remarche?

Harry Seldon · Answer

pour IE je viens d'essayer 5 foi,s la 5eme fois a marché sinon "Server is too busy" ou page blanche.

g!rly · Answer

re,

essaie de faire ceci :

Outils / options internet / programmes / gérer les modules complèmentaires

Désactiver le module windows Live Sign-in Helper

valide par Ok

Relancer IE7

Harry Seldon · Answer

il était désactivé!!

Harry Seldon · Answer

ca va pas du tout, j'ai beaucoup de mal a naviguer avec firefox et IE!

g!rly · Answer

re,

Vide tes fichiers temporaires avec ceci:
->Clean Up 40:
http://pageperso.aol.fr/balltrap34/CleanUp40.exe
->aide en image:(merci a Balltrap34)
http://pageperso.aol.fr/balltrap34/democleanup.htm

click sur option et decoche : delete prefect files.

puis manuellement vide :

:: Le contenu du dossier prefetch ::

* C:\WINDOWS\Prefetch <= sauf le fichier layout.ini

* Ne pas oublier de vider la corbeille !

puis fais aussi celui ci :

nettoie tes fichiers temporaires avec ceci : atf cleaner, regarde le tuto...

http://www.infosecu.fr/atf.html

telecharge le ici :

http://serveur1.archive-host.com/membres/up/1366464061/ATF-Cleaner.rar

@+

Harry Seldon · Answer

ok c'est fait!
j'avais l'impression que c'etait beaucoup mieux maintenant!et en fait bof bof.
-
La confiance n'exclut pas le contrôle.

g!rly · Answer

re,

et bien tu me rassure ;-)

tiens moi au courrant.

@+

Harry Seldon · Answer

et bien je viens de rectifier le message en fait c'est toujours aussi alleatoire

g!rly · Answer

j´ai bien peur que ce ne soient mes dernieres cartes...

Harry Seldon · Answer

Tu veux dire que ce n'est plus un problème de Virus mais juste de configuration?

g!rly · Answer

je pensse oui...

Harry Seldon · Answer

ok G!rly,
Je peux donc clore ce sujet?
En tout cas je te remercie beaucoup, de m'avoir donné de ton temps pour me fournir ton aide précieuse.

MERCI
@++

g!rly · Answer

de rien.
désolé si je n´arrives pas a t´aider plus que ca...
bye`

Harry Seldon · Answer

re,
DSL! Antivir vient de détecter 1 virus!! encore;  (Virus or unwanted program 'APPL/Tool.PsKill.2 [APPL/Tool.PsKill.2]'
detected in file 'G:\System Volume Information\_restore{ABAF5229-C7C3-4DE4-9897-061B3C28B2DC}\RP194\A0041891.exe.) 
puis un deuxième quand j'ai lancer un scan antivir  (The file contains a virus or unwanted program 'APPL/Tool.PsKill.2' [program]
Action(s) taken:
The file was moved to "4812841f.qua"!)
j'ai mis en quanrantaine et supprimer.
Que dois je faire maintenant?

g!rly · Answer

re,

c´est clean.zip

supprime clean.zip

...

Harry Seldon · Answer

c'est fait, je lance une autre analyse et je te tiens au courant, si j'ai un problème .
bonne soirée

g!rly · Answer

ok
bonne soirée
@+

Harry Seldon · Answer

voici le rapport, il a trouvé un virus. AntiVir PersonalEdition Classic Report file date: lundi 4 février 2008 23:10 Scanning for 1091873 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: GAETAN-ORDI Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 05/09/2007 16:49:04 AVSCAN.DLL : 7.0.6.0 49192 Bytes 05/09/2007 16:49:04 LUKE.DLL : 7.0.5.3 147496 Bytes 05/09/2007 16:49:06 LUKERES.DLL : 7.0.6.1 10280 Bytes 05/09/2007 16:49:06 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:50:14 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:32:36 ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 11:30:24 ANTIVIR3.VDF : 7.0.2.89 291840 Bytes 04/02/2008 15:38:00 AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 02/02/2008 13:05:09 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 05/09/2007 16:49:04 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 22:28:01 AVREG.DLL : 7.0.1.6 30760 Bytes 05/09/2007 16:49:04 AVARKT.DLL : 1.0.0.20 278568 Bytes 05/09/2007 16:49:03 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 05/09/2007 16:49:04 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 05/09/2007 16:48:53 RCTEXT.DLL : 7.0.62.0 86056 Bytes 05/09/2007 16:48:53 SQLITE3.DLL : 3.3.17.1 339968 Bytes 05/09/2007 16:49:07 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: lundi 4 février 2008 23:10 Starting search for hidden objects. '48738' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Watch.exe' - '1' Module(s) have been scanned Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned Scan process 'PollingModule.exe' - '1' Module(s) have been scanned Scan process 'Inactivity.exe' - '1' Module(s) have been scanned Scan process 'Toaster.exe' - '1' Module(s) have been scanned Scan process 'ComComp.exe' - '1' Module(s) have been scanned Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'gTaskSwitch.exe' - '1' Module(s) have been scanned Scan process 'gDeskMgm.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'gIMMgm.exe' - '1' Module(s) have been scanned Scan process 'gMGlass.exe' - '1' Module(s) have been scanned Scan process 'gZoom.exe' - '1' Module(s) have been scanned Scan process 'gAutoScroll.exe' - '1' Module(s) have been scanned Scan process 'gAutoPan.exe' - '1' Module(s) have been scanned Scan process 'gKbdTask.exe' - '1' Module(s) have been scanned Scan process 'gMouseTask.exe' - '1' Module(s) have been scanned Scan process 'apdproxy.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'delttray.exe' - '1' Module(s) have been scanned Scan process 'gTaskBar.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'lxddamon.exe' - '1' Module(s) have been scanned Scan process 'lxddmon.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'AsDHRemote.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'Probe2.exe' - '1' Module(s) have been scanned Scan process 'AsRc.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'VTTimer.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 67 processes with 67 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '31' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' Begin scan in 'F:\' Begin scan in 'G:\' G:\System Volume Information\_restore{ABAF5229-C7C3-4DE4-9897-061B3C28B2DC}\RP195\A0044024.exe [DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2 [INFO] The file was moved to '47d79b0a.qua'! End of the scan: mardi 5 février 2008 00:08 Used time: 57:59 min The scan has been done completely. 12503 Scanning directories 426262 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 426261 Files not concerned 2132 Archives were scanned 3 Warnings 31 Notes 48738 Objects were scanned with rootkit scan 0 Hidden objects were found je vais me coucher, je reviens demain en début de soirée! dis moi quoi ... ++

Harry Seldon · Answer

Voici le rapportAntivir + un HijackThis, antivir a trouvé un virus. AntiVir PersonalEdition Classic Report file date: lundi 4 février 2008 23:10 Scanning for 1091873 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: GAETAN-ORDI Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 05/09/2007 16:49:04 AVSCAN.DLL : 7.0.6.0 49192 Bytes 05/09/2007 16:49:04 LUKE.DLL : 7.0.5.3 147496 Bytes 05/09/2007 16:49:06 LUKERES.DLL : 7.0.6.1 10280 Bytes 05/09/2007 16:49:06 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:50:14 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:32:36 ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 11:30:24 ANTIVIR3.VDF : 7.0.2.89 291840 Bytes 04/02/2008 15:38:00 AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 02/02/2008 13:05:09 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 05/09/2007 16:49:04 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 22:28:01 AVREG.DLL : 7.0.1.6 30760 Bytes 05/09/2007 16:49:04 AVARKT.DLL : 1.0.0.20 278568 Bytes 05/09/2007 16:49:03 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 05/09/2007 16:49:04 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 05/09/2007 16:48:53 RCTEXT.DLL : 7.0.62.0 86056 Bytes 05/09/2007 16:48:53 SQLITE3.DLL : 3.3.17.1 339968 Bytes 05/09/2007 16:49:07 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: lundi 4 février 2008 23:10 Starting search for hidden objects. '48738' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Watch.exe' - '1' Module(s) have been scanned Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned Scan process 'PollingModule.exe' - '1' Module(s) have been scanned Scan process 'Inactivity.exe' - '1' Module(s) have been scanned Scan process 'Toaster.exe' - '1' Module(s) have been scanned Scan process 'ComComp.exe' - '1' Module(s) have been scanned Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'gTaskSwitch.exe' - '1' Module(s) have been scanned Scan process 'gDeskMgm.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'gIMMgm.exe' - '1' Module(s) have been scanned Scan process 'gMGlass.exe' - '1' Module(s) have been scanned Scan process 'gZoom.exe' - '1' Module(s) have been scanned Scan process 'gAutoScroll.exe' - '1' Module(s) have been scanned Scan process 'gAutoPan.exe' - '1' Module(s) have been scanned Scan process 'gKbdTask.exe' - '1' Module(s) have been scanned Scan process 'gMouseTask.exe' - '1' Module(s) have been scanned Scan process 'apdproxy.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'delttray.exe' - '1' Module(s) have been scanned Scan process 'gTaskBar.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'lxddamon.exe' - '1' Module(s) have been scanned Scan process 'lxddmon.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'AsDHRemote.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'Probe2.exe' - '1' Module(s) have been scanned Scan process 'AsRc.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'VTTimer.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 67 processes with 67 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '31' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' Begin scan in 'F:\' Begin scan in 'G:\' G:\System Volume Information\_restore{ABAF5229-C7C3-4DE4-9897-061B3C28B2DC}\RP195\A0044024.exe [DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2 [INFO] The file was moved to '47d79b0a.qua'! End of the scan: mardi 5 février 2008 00:08 Used time: 57:59 min The scan has been done completely. 12503 Scanning directories 426262 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 426261 Files not concerned 2132 Archives were scanned 3 Warnings 31 Notes 48738 Objects were scanned with rootkit scan 0 Hidden objects were found

Harry Seldon · Answer

Voici le rapportAntivir + un HijackThis, antivir a trouvé un virus. AntiVir PersonalEdition Classic Report file date: lundi 4 février 2008 23:10 Scanning for 1091873 virus strains and unwanted programs. Licensed to: Avira AntiVir PersonalEdition Classic Serial number: 0000149996-ADJIE-0001 Platform: Windows XP Windows version: (Service Pack 2) [5.1.2600] Username: SYSTEM Computer name: GAETAN-ORDI Version information: BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00 AVSCAN.EXE : 7.0.6.1 290856 Bytes 05/09/2007 16:49:04 AVSCAN.DLL : 7.0.6.0 49192 Bytes 05/09/2007 16:49:04 LUKE.DLL : 7.0.5.3 147496 Bytes 05/09/2007 16:49:06 LUKERES.DLL : 7.0.6.1 10280 Bytes 05/09/2007 16:49:06 ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 16:50:14 ANTIVIR1.VDF : 7.0.1.95 3367424 Bytes 14/12/2007 12:32:36 ANTIVIR2.VDF : 7.0.2.49 1339904 Bytes 25/01/2008 11:30:24 ANTIVIR3.VDF : 7.0.2.89 291840 Bytes 04/02/2008 15:38:00 AVEWIN32.DLL : 7.6.0.62 3240448 Bytes 02/02/2008 13:05:09 AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 09:36:26 AVPREF.DLL : 7.0.2.2 25640 Bytes 05/09/2007 16:49:04 AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 12:16:24 AVPACK32.DLL : 7.6.0.3 360488 Bytes 15/01/2008 22:28:01 AVREG.DLL : 7.0.1.6 30760 Bytes 05/09/2007 16:49:04 AVARKT.DLL : 1.0.0.20 278568 Bytes 05/09/2007 16:49:03 AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 05/09/2007 16:49:04 NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 10:09:42 RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 05/09/2007 16:48:53 RCTEXT.DLL : 7.0.62.0 86056 Bytes 05/09/2007 16:48:53 SQLITE3.DLL : 3.3.17.1 339968 Bytes 05/09/2007 16:49:07 Configuration settings for the scan: Jobname..........................: Complete system scan Configuration file...............: c:\program files\antivir personaledition classic\sysscan.avp Logging..........................: low Primary action...................: interactive Secondary action.................: ignore Scan master boot sector..........: on Scan boot sector.................: on Boot sectors.....................: G:, Scan memory......................: on Process scan.....................: on Scan registry....................: on Search for rootkits..............: on Scan all files...................: All files Scan archives....................: on Recursion depth..................: 20 Smart extensions.................: on Deviating archive types..........: +BSD Mailbox, +Netscape/Mozilla Mailbox, +Eudora Mailbox, +Squid cache, +Pegasus Mailbox, +MS Outlook Mailbox, Macro heuristic..................: on File heuristic...................: high Deviating risk categories........: +APPL,+GAME,+JOKE,+PCK,+SPR, Start of the scan: lundi 4 février 2008 23:10 Starting search for hidden objects. '48738' objects were checked, '0' hidden objects were found. The scan of running processes will be started Scan process 'firefox.exe' - '1' Module(s) have been scanned Scan process 'avscan.exe' - '1' Module(s) have been scanned Scan process 'avcenter.exe' - '1' Module(s) have been scanned Scan process 'Watch.exe' - '1' Module(s) have been scanned Scan process 'ALERTM~1.EXE' - '1' Module(s) have been scanned Scan process 'PollingModule.exe' - '1' Module(s) have been scanned Scan process 'Inactivity.exe' - '1' Module(s) have been scanned Scan process 'Toaster.exe' - '1' Module(s) have been scanned Scan process 'ComComp.exe' - '1' Module(s) have been scanned Scan process 'GestionnaireInternet.exe' - '1' Module(s) have been scanned Scan process 'daemon.exe' - '1' Module(s) have been scanned Scan process 'gTaskSwitch.exe' - '1' Module(s) have been scanned Scan process 'gDeskMgm.exe' - '1' Module(s) have been scanned Scan process 'ctfmon.exe' - '1' Module(s) have been scanned Scan process 'gIMMgm.exe' - '1' Module(s) have been scanned Scan process 'gMGlass.exe' - '1' Module(s) have been scanned Scan process 'gZoom.exe' - '1' Module(s) have been scanned Scan process 'gAutoScroll.exe' - '1' Module(s) have been scanned Scan process 'gAutoPan.exe' - '1' Module(s) have been scanned Scan process 'gKbdTask.exe' - '1' Module(s) have been scanned Scan process 'gMouseTask.exe' - '1' Module(s) have been scanned Scan process 'apdproxy.exe' - '1' Module(s) have been scanned Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned Scan process 'delttray.exe' - '1' Module(s) have been scanned Scan process 'gTaskBar.exe' - '1' Module(s) have been scanned Scan process 'rundll32.exe' - '1' Module(s) have been scanned Scan process 'lxddamon.exe' - '1' Module(s) have been scanned Scan process 'lxddmon.exe' - '1' Module(s) have been scanned Scan process 'jusched.exe' - '1' Module(s) have been scanned Scan process 'avgnt.exe' - '1' Module(s) have been scanned Scan process 'AsDHRemote.exe' - '1' Module(s) have been scanned Scan process 'realsched.exe' - '1' Module(s) have been scanned Scan process 'Probe2.exe' - '1' Module(s) have been scanned Scan process 'AsRc.exe' - '1' Module(s) have been scanned Scan process 'PDVDServ.exe' - '1' Module(s) have been scanned Scan process 'VTTimer.exe' - '1' Module(s) have been scanned Scan process 'explorer.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'iPodService.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'alg.exe' - '1' Module(s) have been scanned Scan process 'kpf4gui.exe' - '1' Module(s) have been scanned Scan process 'ULCDRSvr.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'StarWindServiceAE.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrB.exe' - '1' Module(s) have been scanned Scan process 'PnkBstrA.exe' - '1' Module(s) have been scanned Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned Scan process 'kpf4ss.exe' - '1' Module(s) have been scanned Scan process 'FTRTSVC.exe' - '1' Module(s) have been scanned Scan process 'guard.exe' - '1' Module(s) have been scanned Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned Scan process 'sched.exe' - '1' Module(s) have been scanned Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned Scan process 'avguard.exe' - '1' Module(s) have been scanned Scan process 'spoolsv.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'svchost.exe' - '1' Module(s) have been scanned Scan process 'lsass.exe' - '1' Module(s) have been scanned Scan process 'services.exe' - '1' Module(s) have been scanned Scan process 'winlogon.exe' - '1' Module(s) have been scanned Scan process 'csrss.exe' - '1' Module(s) have been scanned Scan process 'smss.exe' - '1' Module(s) have been scanned 67 processes with 67 modules were scanned Starting master boot sector scan: Master boot sector HD0 [NOTE] No virus was found! Start scanning boot sectors: Boot sector 'C:\' [NOTE] No virus was found! Boot sector 'E:\' [NOTE] No virus was found! Boot sector 'F:\' [NOTE] No virus was found! Boot sector 'G:\' [NOTE] No virus was found! Starting to scan the registry. The registry was scanned ( '31' files ). Starting the file scan: Begin scan in 'C:\' C:\hiberfil.sys [WARNING] The file could not be opened! C:\pagefile.sys [WARNING] The file could not be opened! C:\WINDOWS\system32\drivers\sptd.sys [WARNING] The file could not be opened! Begin scan in 'E:\' Begin scan in 'F:\' Begin scan in 'G:\' G:\System Volume Information\_restore{ABAF5229-C7C3-4DE4-9897-061B3C28B2DC}\RP195\A0044024.exe [DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2 [INFO] The file was moved to '47d79b0a.qua'! End of the scan: mardi 5 février 2008 00:08 Used time: 57:59 min The scan has been done completely. 12503 Scanning directories 426262 Files were scanned 1 viruses and/or unwanted programs were found 0 Files were classified as suspicious: 0 files were deleted 0 files were repaired 1 files were moved to quarantine 0 files were renamed 3 Files cannot be scanned 426261 Files not concerned 2132 Archives were scanned 3 Warnings 31 Notes 48738 Objects were scanned with rootkit scan 0 Hidden objects were found

g!rly · Answer

re,

Information\_restore{ABAF5229-C7C3-4DE4-9897-061B3C28B2DC}\RP195\A0044024.exe
[DETECTION] Contains detection pattern of the application APPL/Tool.PsKill.2 

ceci concerne clean.zip l´outil que l´on a utilisé auparavant, il n´y a pas de soucis!

fais ceci :

supprime clean.zip

et

Désactive ta restauration système:
pour cela :
Click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration système;
coche la case désactiver la restauration systèm et applique.
puis redemarre le pc et click droit sur poste de travail, dans l´arborescence sur propriétés; 
dans la nouvelle fenettre click sur l´onglet restauration systèm
décoche la case désactiver la restauration systèm et applique. 

@+

Harry Seldon · Answer

C'est ok pour l'instant.
bonne nuit
@+

g!rly · Answer

bonne nuit ;-)
bye`

Infecté par un virus!!!

80 réponses

Discussions similaires

Newsletters