Virus

Résolu
sacha63 Messages postés 150 Statut Membre -  
sacha63 Messages postés 150 Statut Membre -
Bonjour,
Il y a un virus (ou plusieurs) qui traîne sur mon ordinateur que je n'arrive pas à supprimer. Aussi, lorsque j'ouvre internet explorer, il y a une infinité de page qui s'ouvre sans que je n'ai rien fais. Seul mozilla marche. Voici mon rapport hijackthis :
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:12:25, on 08/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
C:\Windows\ehome\ehmsas.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\explorer.exe
C:\Windows\system32\WerCon.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Daniel\AppData\Local\Temp\yaywv.dll,c
O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Daniel\AppData\Local\Temp\qomlm.dll,#1
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O13 - Gopher Prefix:
O15 - Trusted Zone: http://philil.officeisp.net
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B20E0201-901E-40BA-8665-5EA5122F6418}: NameServer = 212.27.32.176,212.27.32.177
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12690 bytes

En espérant que vous pourez m'aider,
Cordialement
Configuration: Windows Vista
Firefox 2.0.0.12

42 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Un virus et une infection informatique sont signalés sur un PC Windows Vista, avec des pages qui s’ouvrent sans action et un comportement de navigation perturbé, seul Mozilla restant opérationnel. Plusieurs solutions ont été évoquées, notamment l’envoi du rapport HijackThis pour analyse par des spécialistes, et la vérification via des outils antivirus, puis l’analyse de fichiers suspects via VirusTotal. En cas de doute sur des fichiers temporaires ou des entrées de registre, les conseils portent sur la prudence: ne pas supprimer manuellement avant une expertise et privilégier une désinfection supervisée. D'autres échanges suggèrent d'utiliser des outils complémentaires et de vérifier les résultats avec des sources externes pour éviter d'interpréter à tort des éléments légitimes; l'évolution dépendra d'une analyse spécialisée.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    si tu as norton et antivir , vire un des deux!

    fix ces lignes avec hijakchits (fix cheked)

    O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Daniel\AppData\Local\Temp\yaywv.dll,c
    O4 - HKCU\..\Run: [MSServer] rundll32.exe C:\Users\Daniel\AppData\Local\Temp\qomlm.dll,#1

    ____________

    combofix (colle le rapport)
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    _______________

    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Users\Daniel\AppData\Local\Temp\qomlm.dll,
    C:\Users\Daniel\AppData\Local\Temp\yaywv.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    _____________________
    0
    1. sacha63 Messages postés 150 Statut Membre
       
      Merci de ta réponse si rapide et précise! Voici mon rapport combofix :

      ComboFix 08-03-07.4 - Daniel 2008-03-08 14:48:25.2 - NTFSx86
      Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.1.1036.18.1209 [GMT 1:00]
      Endroit: C:\Users\Daniel\Desktop\ComboFix.exe
      .

      ((((((((((((((((((((((((((((( Fichiers créés 2008-02-08 to 2008-03-08 ))))))))))))))))))))))))))))))))))))
      .

      Pas de nouveau fichier créé dans cet espace de temps

      .
      (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2008-03-08 12:09 --------- d-----w C:\Program Files\Trend Micro
      2008-03-05 07:05 --------- d-----w C:\Program Files\AdVantage
      2008-03-04 21:58 --------- d-----w C:\Program Files\Spybot - Search & Destroy
      2008-03-04 21:52 691,545 ----a-w C:\Windows\unins000.exe
      2008-03-04 21:49 --------- d-----w C:\Users\Daniel\AppData\Roaming\uTorrent
      2008-03-04 21:40 25,248 ----a-w C:\Users\Daniel\AppData\Roaming\nvModes.dat
      2008-02-29 21:06 --------- d-----w C:\Users\Daniel\AppData\Roaming\vlc
      2008-02-29 21:04 --------- d-----w C:\Program Files\Freeplayer
      2008-02-27 17:39 103,736 ----a-w C:\Windows\System32\PnkBstrB.exe
      2008-02-27 17:21 66,872 ----a-w C:\Windows\System32\PnkBstrA.exe
      2008-02-27 17:21 22,328 ----a-w C:\Windows\system32\drivers\PnkBstrK.sys
      2008-02-24 16:03 --------- d-----w C:\Program Files\VirtualDub
      2008-02-24 13:37 --------- d-----w C:\Program Files\Common Files\Adobe
      2008-02-16 22:15 43,520 ----a-w C:\Windows\System32\CmdLineExt03.dll
      2008-02-15 23:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
      2008-02-15 21:37 22,328 ----a-w C:\Users\Daniel\AppData\Roaming\PnkBstrK.sys
      2008-02-15 21:07 --------- d-----w C:\Program Files\Activision
      2008-02-15 20:54 --------- d-----w C:\ProgramData\Roxio
      2008-02-15 20:53 --------- d-----w C:\Users\Daniel\AppData\Roaming\Roxio
      2008-02-13 14:54 194,560 ----a-w C:\Windows\System32\WebClnt.dll
      2008-02-13 14:54 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
      2008-02-13 14:50 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
      2008-02-13 14:50 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
      2008-02-13 14:50 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
      2008-02-13 14:49 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
      2008-02-13 14:49 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
      2008-02-13 14:49 25,656 ----a-w C:\Windows\system32\drivers\msahci.sys
      2008-02-13 14:49 24,064 ----a-w C:\Windows\System32\netcfg.exe
      2008-02-13 14:49 22,016 ----a-w C:\Windows\System32\netiougc.exe
      2008-02-13 14:49 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
      2008-02-13 14:49 17,464 ----a-w C:\Windows\system32\drivers\intelide.sys
      2008-02-13 14:49 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
      2008-02-13 14:49 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
      2008-02-13 14:49 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
      2008-02-13 14:49 --------- d-----w C:\ProgramData\Microsoft Help
      2008-02-13 14:48 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
      2008-02-13 14:48 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
      2008-02-13 14:48 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
      2008-02-13 14:48 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
      2008-02-13 14:48 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
      2008-02-13 14:48 1,686,528 ----a-w C:\Windows\System32\gameux.dll
      2008-02-13 14:46 824,832 ----a-w C:\Windows\System32\wininet.dll
      2008-02-13 14:46 56,320 ----a-w C:\Windows\System32\iesetup.dll
      2008-02-13 14:46 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
      2008-02-13 14:46 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
      2008-02-09 17:26 --------- d-----w C:\Users\Daniel\AppData\Roaming\DivX
      2008-02-09 15:33 --------- d-----w C:\Program Files\DivX
      2008-02-09 15:33 --------- d-----w C:\Program Files\Common Files\PX Storage Engine
      2008-02-09 13:59 --------- d-----w C:\Users\Daniel\AppData\Roaming\Hamachi
      2008-02-04 18:50 25,280 ----a-w C:\Windows\system32\drivers\hamachi.sys
      2008-02-04 18:50 --------- d-----w C:\Program Files\Hamachi
      2008-01-27 17:10 --------- d-----w C:\Users\Daniel\AppData\Roaming\InstallShield
      2008-01-27 14:01 --------- d-----w C:\Program Files\Philips
      2008-01-22 21:59 --------- d-----w C:\ProgramData\CyberLink
      2008-01-22 19:32 --------- d-----w C:\Program Files\CyberLink
      2008-01-22 18:44 306,432 ----a-w C:\Windows\System32\TuneUpDefragService.exe
      2008-01-22 18:44 --------- d-----w C:\Users\Daniel\AppData\Roaming\TuneUp Software
      2008-01-22 18:44 --------- d-----w C:\ProgramData\TuneUp Software
      2008-01-22 18:44 --------- d-----w C:\Program Files\TuneUp Utilities 2008
      2008-01-22 18:42 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
      2008-01-15 16:21 --------- d-----w C:\Users\Daniel\AppData\Roaming\DAEMON Tools
      2008-01-14 16:09 --------- d-----w C:\Program Files\DAEMON Tools Lite
      2008-01-14 06:10 715,248 ----a-w C:\Windows\system32\drivers\sptd.sys
      2008-01-11 21:13 --------- d-----w C:\Program Files\Veoh Networks
      2008-01-10 05:50 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
      2008-01-10 02:10 --------- d-----w C:\Program Files\Windows Sidebar
      2008-01-10 02:10 --------- d-----w C:\Program Files\Windows Mail
      2008-01-10 02:02 211,000 ----a-w C:\Windows\system32\drivers\volsnap.sys
      2008-01-10 02:02 1,060,920 ----a-w C:\Windows\system32\drivers\ntfs.sys
      2008-01-10 02:01 11,776 ----a-w C:\Windows\System32\sbunattend.exe
      2008-01-04 21:59 524,288 ----a-w C:\Windows\System32\DivXsm.exe
      2008-01-04 21:58 3,596,288 ----a-w C:\Windows\System32\qt-dx331.dll
      2008-01-04 21:58 200,704 ----a-w C:\Windows\System32\ssldivx.dll
      2008-01-04 21:58 129,784 ------w C:\Windows\System32\PxAFS.DLL
      2008-01-04 21:58 1,044,480 ----a-w C:\Windows\System32\libdivx.dll
      2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx0c.dll
      2008-01-04 21:57 823,296 ----a-w C:\Windows\System32\divx_xx07.dll
      2008-01-04 21:57 81,920 ----a-w C:\Windows\System32\dpl100.dll
      2008-01-04 21:57 802,816 ----a-w C:\Windows\System32\divx_xx11.dll
      2008-01-04 21:57 682,496 ----a-w C:\Windows\System32\DivX.dll
      2008-01-04 21:57 593,920 ----a-w C:\Windows\System32\dpuGUI11.dll
      2008-01-04 21:57 57,344 ----a-w C:\Windows\System32\dpv11.dll
      2008-01-04 21:57 53,248 ----a-w C:\Windows\System32\dpuGUI10.dll
      2008-01-04 21:57 344,064 ----a-w C:\Windows\System32\dpus11.dll
      2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu11.dll
      2008-01-04 21:57 294,912 ----a-w C:\Windows\System32\dpu10.dll
      2008-01-04 21:57 196,608 ----a-w C:\Windows\System32\dtu100.dll
      2008-01-04 21:56 156,992 ----a-w C:\Windows\System32\DivXCodecVersionChecker.exe
      2008-01-04 21:56 12,288 ----a-w C:\Windows\System32\DivXWMPExtType.dll
      2007-12-20 09:44 16,640 ----a-w C:\Windows\System32\authuitu.dll
      2007-12-20 09:41 29,440 ----a-w C:\Windows\System32\uxtuneup.dll
      2007-12-13 02:06 1,327,104 ----a-w C:\Windows\System32\quartz.dll
      2007-12-13 02:05 9,728 ----a-w C:\Windows\System32\LAPRXY.DLL
      2007-12-13 02:05 223,232 ----a-w C:\Windows\System32\WMASF.DLL
      2007-08-30 19:16 174 --sha-w C:\Program Files\desktop.ini
      2007-05-06 18:58 0 ----a-w C:\Users\Daniel\AppData\Roaming\wklnhst.dat
      2007-04-01 12:36 39 ----a-w C:\Users\Daniel\adresses.dat
      .

      ((((((((((((((((((((((((((((( snapshot@2008-03-08_13.50.05,02 )))))))))))))))))))))))))))))))))))))))))
      .
      - 2008-03-08 11:37:05 67,584 --s-a-w C:\Windows\bootstat.dat
      + 2008-03-08 13:04:25 67,584 --s-a-w C:\Windows\bootstat.dat
      - 2008-03-08 12:21:50 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-03-08 13:32:19 262,144 ----a-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-03-08 11:38:50 1,339,392 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
      + 2008-03-08 13:14:59 1,339,392 ----a-w C:\Windows\ServiceProfiles\LocalService\ntuser.dat
      - 2008-03-08 12:45:46 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      + 2008-03-08 13:48:29 262,144 ----a-w C:\Windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\usrclass.dat
      - 2008-03-08 11:38:45 1,572,864 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
      + 2008-03-08 13:14:54 1,572,864 ----a-w C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
      - 2008-03-08 11:44:56 104,768 ----a-w C:\Windows\System32\perfc009.dat
      + 2008-03-08 13:10:35 104,768 ----a-w C:\Windows\System32\perfc009.dat
      - 2008-03-08 11:44:57 118,450 ----a-w C:\Windows\System32\perfc00C.dat
      + 2008-03-08 13:10:35 118,450 ----a-w C:\Windows\System32\perfc00C.dat
      - 2008-03-08 11:44:57 613,046 ----a-w C:\Windows\System32\perfh009.dat
      + 2008-03-08 13:10:35 613,046 ----a-w C:\Windows\System32\perfh009.dat
      - 2008-03-08 11:44:57 693,588 ----a-w C:\Windows\System32\perfh00C.dat
      + 2008-03-08 13:10:36 693,588 ----a-w C:\Windows\System32\perfh00C.dat
      - 2008-03-08 11:39:47 10,030 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-42214175-1083591781-1258164041-1000_UserData.bin
      + 2008-03-08 13:30:03 10,078 ----a-w C:\Windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-42214175-1083591781-1258164041-1000_UserData.bin
      - 2008-03-08 11:39:46 79,336 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      + 2008-03-08 13:30:02 79,510 ----a-w C:\Windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
      - 2008-03-08 11:39:42 50,594 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      + 2008-03-08 13:29:59 50,618 ----a-w C:\Windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
      .
      ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      REGEDIT4
      *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-10 03:01 1232896]
      "swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-04-04 09:22 171448]
      "ehTray.exe"="C:\Windows\ehome\ehTray.exe" [2006-11-02 13:35 125440]
      "ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2005-02-16 16:15 221184]
      "cmds"="C:\Users\Daniel\AppData\Local\Temp\yaywv.dll" [2008-03-04 22:45 296448]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-04-11 02:00 1006264]
      "SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-15 06:02 815104]
      "ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 12:08 107112]
      "osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 14:18 22696]
      "QPService"="C:\Program Files\HP\QuickPlay\QPService.exe" [2006-12-02 16:32 167936]
      "HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe" [2006-12-10 20:52 49152]
      "QlbCtrl"="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2006-11-06 10:58 159744]
      "HP Health Check Scheduler"="C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2006-12-04 12:39 46704]
      "WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2006-10-18 09:56 317152]
      "hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2006-10-18 09:32 472800]
      "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
      "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2007-05-06 21:21 185896]
      "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-09-01 09:31 286720]
      "NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-02-28 17:26 90191]
      "NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-02-28 17:26 7770112]
      "NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-02-28 17:26 81920]
      "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-12-20 21:15 249896]
      "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
      "MSConfig"="C:\Windows\system32\msconfig.exe" [2006-11-02 10:45 222208]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
      "Launcher"="%WINDIR%\SMINST\launcher.exe" [ ]

      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
      HP Digital Imaging Monitor.lnk - C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe [2007-01-02 20:40:10 210520]

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\795C3208107D7C545A5C]
      C:\Users\Daniel\AppData\Local\Temp\bsiphdct.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\79edc98a]
      C:\Users\Daniel\AppData\Local\Temp\cjbixdik.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Auto Run Software for Photo Frame]
      --a------ 2007-08-27 17:41 4404736 C:\Program Files\Philips\Philips PhotoFrame\PhotoManager.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BM7adefa16]
      C:\Users\Daniel\AppData\Local\Temp\kovtkalx.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\cmds]
      --a------ 2008-03-04 22:45 296448 C:\Users\Daniel\AppData\Local\Temp\yaywv.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
      --a------ 2007-12-15 11:02 482760 C:\Program Files\DAEMON Tools Lite\daemon.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
      --a------ 2007-01-08 22:17 52256 C:\Program Files\CyberLink\PowerDVD\Language\Language.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MS Juan]
      C:\Users\Daniel\AppData\Local\Temp\yvfflvpr.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSServer]
      C:\Users\Daniel\AppData\Local\Temp\khhhf.dll

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
      --------- 2007-01-08 22:26 68640 C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
      --a------ 2008-01-30 16:01 219952 C:\Program Files\uTorrent\uTorrent.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
      --a------ 2007-12-21 17:51 3481600 C:\Program Files\Veoh Networks\Veoh\VeohClient.exe

      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
      "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"

      [HKEY_LOCAL_MACHINE\software\microsoft\security center]
      "UacDisableNotify"=dword:00000001
      "InternetSettingsDisableNotify"=dword:00000001
      "AutoUpdateDisableNotify"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
      "DisableMonitoring"=dword:00000001

      [HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
      "AntiVirusOverride"=dword:00000001

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
      "{8E260837-93CC-4F1B-93AE-C70C8B4849E0}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
      "{A341B4DA-5A2A-4E10-899E-4521CC649445}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
      "TCP Query User{83A504FE-9A37-49EF-9F37-0C4012A6B1B4}C:\program files\emule\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule|Desc=eMule
      "UDP Query User{36FD2AD1-227C-4D8F-A487-3F2A7A29B718}C:\program files\emule\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule|Desc=eMule
      "{DE541D8E-35F1-455A-9F8E-CFB2D5A55D18}"= C:\Program Files\MSN Messenger\livecall.exe:Windows Live Messenger 8.1 (Phone)|Edge=TRUE|
      "TCP Query User{59F74B6F-DAFC-4AA7-9F33-B849347692AD}C:\program files\internet explorer\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
      "UDP Query User{8BF60CE4-FBC2-413A-87F0-0B97C85A9FF8}C:\program files\internet explorer\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer|Desc=Internet Explorer
      "{A3F8952F-6181-472C-A756-AF610F62916C}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
      "{3F294FAC-069C-4A70-9F77-95FFB15FF500}"= UDP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
      "{683C3E93-F461-4C99-A717-55AF79D473D9}"= TCP:C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:Microsoft Office Groove
      "{19B878C9-06A0-410D-B9F4-9DD11B266E06}"= UDP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "{A01523CF-8AFB-4EEA-A782-C9B522F264A7}"= TCP:C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:Microsoft Office OneNote
      "TCP Query User{A47EB707-6D9D-44CF-B1AF-CC1C32BCD2B4}C:\program files\mozilla firefox\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
      "UDP Query User{EE93CF81-B853-40E2-ACEF-9D7A3B1A92F8}C:\program files\mozilla firefox\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox|Desc=Firefox
      "TCP Query User{E4A66B61-92C6-483F-8D63-4CD944E3CA0E}C:\program files\utorrent\utorrent.exe"= UDP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
      "UDP Query User{25992FA8-B6E7-4F0B-B3BD-A6110F6C4BA8}C:\program files\utorrent\utorrent.exe"= TCP:C:\program files\utorrent\utorrent.exe:uTorrent|Desc=uTorrent
      "{7726267E-DBCE-4192-BBD1-CEEDD75AA06B}"= UDP:C:\Program Files\Steam\Steam.exe:Steam
      "{AD3277EF-AFAD-4447-B3EF-F24CF13F2627}"= TCP:C:\Program Files\Steam\Steam.exe:Steam
      "{34F2366B-36BC-4FA5-B5C5-86D664148E0C}"= UDP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
      "{54552428-66DD-4A87-8BFE-5C2C68D7603D}"= TCP:C:\Program Files\Electronic Arts\Crytek\Crysis SP Demo\Bin32\Crysis.exe:Crysis_32_sp_demo
      "TCP Query User{96CDE6D9-40B5-48FB-99A4-748745F7ED82}C:\program files\steam\steamapps\sacha63\half-life 2 deathmatch\hl2.exe"= UDP:C:\program files\steam\steamapps\sacha63\half-life 2 deathmatch\hl2.exe:hl2|Desc=hl2
      "UDP Query User{4F543E40-79EB-4B9F-AFA9-18D88A5CA981}C:\program files\steam\steamapps\sacha63\half-life 2 deathmatch\hl2.exe"= TCP:C:\program files\steam\steamapps\sacha63\half-life 2 deathmatch\hl2.exe:hl2|Desc=hl2
      "TCP Query User{FB77DE8F-A45C-40CD-9D30-0F3763BE90A7}C:\program files\steam\steamapps\sacha63\counter-strike source\hl2.exe"= UDP:C:\program files\steam\steamapps\sacha63\counter-strike source\hl2.exe:hl2|Desc=hl2
      "UDP Query User{127F1BE2-4151-42C2-BDEC-2AEA8D8C1FC6}C:\program files\steam\steamapps\sacha63\counter-strike source\hl2.exe"= TCP:C:\program files\steam\steamapps\sacha63\counter-strike source\hl2.exe:hl2|Desc=hl2
      "TCP Query User{45D4BC61-8364-431C-BF3D-398CD02451D6}C:\program files\veoh networks\veoh\veohclient.exe"= UDP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
      "UDP Query User{870C0B78-73CB-40BE-9953-5D0267642EF9}C:\program files\veoh networks\veoh\veohclient.exe"= TCP:C:\program files\veoh networks\veoh\veohclient.exe:Veoh Client|Desc=Veoh Client
      "{7DAF9452-6024-46CB-B983-7E4C36011614}"= UDP:52267:utorrent
      "{EBC4AD44-1B08-4951-8F3D-6977973F46E9}"= TCP:52267:utorrent
      "TCP Query User{D3CF58EC-B223-4845-8D6D-671296C78DC2}C:\program files\hp\hp software update\hpwucli.exe"= UDP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
      "UDP Query User{5E0B9B2D-1ADF-40E6-823A-4D36F44E071B}C:\program files\hp\hp software update\hpwucli.exe"= TCP:C:\program files\hp\hp software update\hpwucli.exe:HP Software Update Client|Desc=HP Software Update Client
      "TCP Query User{B80AEFC9-A699-4A9B-A1A8-DFED56974CB8}C:\ut2004\system\ut2004.exe"= UDP:C:\ut2004\system\ut2004.exe:UT2004|Desc=UT2004
      "UDP Query User{FACB383F-966E-4BA6-B535-CB92C18311FD}C:\ut2004\system\ut2004.exe"= TCP:C:\ut2004\system\ut2004.exe:UT2004|Desc=UT2004
      "{BA488AF9-852D-476A-BFA1-F526480A450E}"= UDP:C:\Program Files\Hamachi\hamachi.exe:Hamachi
      "{70223C4A-D7C9-4F18-8BF0-24777D7B895E}"= TCP:C:\Program Files\Hamachi\hamachi.exe:Hamachi
      "{30C1CD48-6BCA-4153-A479-33FA69A2682E}"= UDP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
      "{EA499D4E-0EE5-47AC-8B4D-9BA0F3279D96}"= TCP:C:\Windows\System32\PnkBstrA.exe:PnkBstrA
      "{A1240BDE-0055-416D-9642-EBA97194DE15}"= UDP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
      "{116A3220-CC82-4D15-A147-A01C18585459}"= TCP:C:\Windows\System32\PnkBstrB.exe:PnkBstrB
      "{B9B65124-D544-4F52-9EF7-E90718352C92}"= UDP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
      "{4535769D-3A3C-402F-9E6A-2291F1550CDB}"= TCP:C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:Call of Duty(R) 4 - Modern Warfare(TM)
      "TCP Query User{C397DCE9-8684-43A2-9851-E7295CEECC00}C:\program files\freeplayer\vlc\vlc.exe"= UDP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player
      "UDP Query User{946CBBF1-9BA8-420F-A6DE-F3C3C6B952D4}C:\program files\freeplayer\vlc\vlc.exe"= TCP:C:\program files\freeplayer\vlc\vlc.exe:VLC media player|Desc=VLC media player

      [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
      "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

      R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys [2006-10-20 18:10]
      R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-01-28 11:43]
      R2 UxTuneUp;TuneUp Extension de thème;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
      R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 18:39]
      R3 NETw3v32;Pilote de carte réseau Intel(R) PRO/Wireless 3945ABG pour Windows Vista 32 bits;C:\Windows\system32\DRIVERS\NETw3v32.sys [2006-11-09 10:02]
      S3 BCM43XV;Pilote de la carte réseau extensible Broadcom 802.11;C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 08:30]
      S3 MODBDA2;DiBcom MOD3000 TV receiver;C:\Windows\system32\Drivers\yuanmodbda2.sys [2006-10-14 12:36]
      S3 Steam Client Service;Steam Client Service;C:\Program Files\Common Files\Steam\SteamService.exe [2008-01-02 20:17]
      S3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-25 03:40]
      S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-01-22 19:44]

      [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
      bthsvcs REG_MULTI_SZ BthServ
      HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
      hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
      UxTuneUp

      *Newly Created Service* - COMHOST
      .
      Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
      "2008-02-15 16:50:22 C:\Windows\Tasks\Maintenance en 1 clic.job"
      - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
      "2008-02-15 19:00:00 C:\Windows\Tasks\Norton Internet Security - Run Full System Scan - Daniel.job"
      - c:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exeB/TASK:
      .
      **************************************************************************

      catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
      Rootkit scan 2008-03-08 14:51:32
      Windows 6.0.6000 NTFS

      Balayage processus cachés ...

      Balayage caché autostart entries ...

      Balayage des fichiers cachés ...

      Scan terminé avec succès
      Les fichiers cachés: 0

      **************************************************************************
      .
      --------------------- DLLs a chargé sous des processus courants ---------------------

      PROCESS: C:\Windows\Explorer.exe [6.00.6000.16549]
      -> C:\Users\Daniel\AppData\Local\Temp\yaywv.dll
      .
      Temps d'accomplissement: 2008-03-08 14:52:23
      ComboFix2.txt 2008-03-08 12:50:38
      .
      2008-03-08 11:44:21 --- E O F ---


      et voici celui de MoveIt :

      File/Folder C:\Users\Daniel\AppData\Local\Temp\qomlm.dll, not found.
      DllUnregisterServer procedure not found in C:\Users\Daniel\AppData\Local\Temp\yaywv.dll
      C:\Users\Daniel\AppData\Local\Temp\yaywv.dll NOT unregistered.
      File move failed. C:\Users\Daniel\AppData\Local\Temp\yaywv.dll scheduled to be moved on reboot.

      OTMoveIt2 v1.0.20 log created on 03082008_135837
      0
  2. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection):

    - Va dans démarrer puis panneau de configuration
    - Double Clique sur l'icône "Comptes d'utilisateurs"
    - Clique ensuite sur désactiver et valide.

    Télécharge maintenant Navilog1 depuis-ce lien :

    http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

    Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
    Ensuite double clique sur navilog1.exe pour lancer l'installation.
    Une fois l'installation terminée, Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

    Au menu principal, Fais le choix 1
    Laisse toi guider et patiente.
    Patiente jusqu'au message :
    *** Analyse Termine le ..... ***
    Appuie sur une touche le blocnote va s'ouvrir.
    Copie-colle l'intégralité du rapport dans une réponse.
    Referme le blocnote
    Le rapport fixnavi.txt est en outre sauvegardé dans %systemdrive%.
    0
    1. sacha63 Messages postés 150 Statut Membre
       
      Merci une fois de plus pour tes réponses qui sont je le répète très rapides et claires!
      Voici mon rapport navilog :

      Search Navipromo version 3.5.0 commencé le 08/03/2008 à 15:22:33,70

      !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
      !!! Postez ce rapport sur le forum pour le faire analyser !!!
      !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

      Outil exécuté depuis C:\Program Files\navilog1
      Mise à jour le 04.03.2008 à 17h00 par IL-MAFIOSO

      Microsoft Windows Vista 6.0.6000
      Internet Explorer : 7.0.6000.16609
      Système de fichiers : NTFS

      Executé en mode normal

      *** Recherche Programmes installés ***




      *** Recherche dossiers dans C:\Windows ***



      *** Recherche dossiers dans C:\Program Files ***


      *** Recherche dossiers dans C:\ProgramData ***


      *** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***


      *** Recherche dossiers dans c:\users\daniel\appdata\roaming\microsoft\windows\start menu\programs ***


      *** Recherche dossiers dans C:\Users\Daniel\AppData\Local\virtualstore\Program Files ***



      *** Recherche dossiers dans C:\Users\Daniel\AppData\Roaming ***


      *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
      pour + d'infos : http://www.gmer.net

      Aucun Fichier trouvé



      *** Recherche avec GenericNaviSearch ***
      !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
      !!! A vérifier impérativement avant toute suppression manuelle !!!

      * Recherche dans C:\Windows\system32 *

      * Recherche dans C:\Users\Daniel\AppData\Local\Microsoft *

      * Recherche dans C:\Users\Daniel\AppData\Local *



      *** Recherche fichiers ***




      *** Recherche clés spécifiques dans le Registre ***


      *** Module de Recherche complémentaire ***
      (Recherche fichiers spécifiques)

      1)Recherche nouveaux fichiers Instant Access :


      2)Recherche Heuristique :

      * Dans C:\Windows\system32 :


      * Dans C:\Users\Daniel\AppData\Local\Microsoft :


      * Dans C:\Users\Daniel\AppData\Local :


      3)Recherche Certificats :

      Certificat Egroup absent !
      Certificat Electronic-Group absent !
      Certificat OOO-Favorit absent !

      4)Recherche fichiers connus :



      *** Analyse terminée le 08/03/2008 à 15:34:05,00 ***
      0
  3. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    analyse ces fichiers sur virus total et dis moi lesquels sont inféctés: https://www.virustotal.com/gui/

    C:\Users\Daniel\AppData\Local\Temp\yaywv.dll
    C:\Users\Daniel\AppData\Local\Temp\bsiphdct.dll
    C:\Users\Daniel\AppData\Local\Temp\cjbixdik.dll
    C:\Users\Daniel\AppData\Local\Temp\kovtkalx.dll
    C:\Users\Daniel\AppData\Local\Temp\yaywv.dll
    C:\Users\Daniel\AppData\Local\Temp\yvfflvpr.dll
    C:\Users\Daniel\AppData\Local\Temp\khhhf.dll

    _____________

    recolle hijackhtis et dis tes soucis
    0
    1. sacha63 Messages postés 150 Statut Membre
       
      Voilà ce qu'il me trouve pour yaywv :

      Résultat: 9/32 (28.13%)
      BitDefender 7.2 2008.03.08 Trojan.Vundo.EBP
      F-Prot 4.4.2.54 2008.03.08 W32/Virtumonde.G.gen!Eldorado
      F-Secure 6.70.13260.0 2008.03.08 Vundo.gen60
      Kaspersky 7.0.0.125 2008.03.08 not-a-virus:AdWare.Win32.Virtumonde.gen
      Norman 5.80.02 2008.03.07 Vundo.gen60
      Prevx1 V2 2008.03.08 Trojan.Vundo
      Rising 20.34.52.00 2008.03.08 AdWare.Win32.Virtumonde.ggh
      Sophos 4.27.0 2008.03.08 Mal/TibsPak
      VirusBuster 4.3.26:9 2008.03.07 Adware.Vundo.Gen!Pac.18

      pour bsiphdct
      0 bytes size received / Se ha recibido un archivo vacio

      pour cjbixdik
      0 bytes size received / Se ha recibido un archivo vacio

      pour kovtkalx</gras
      0 bytes size received / Se ha recibido un archivo vacio

      pour <gras>yvfflvpr

      0 bytes size received / Se ha recibido un archivo vacio

      pour khhhf
      0 bytes size received / Se ha recibido un archivo vacio

      Et revoilà un rapport HijackThis :

      Logfile of Trend Micro HijackThis v2.0.2
      Scan saved at 19:48:03, on 08/03/2008
      Platform: Windows Vista (WinNT 6.00.1904)
      MSIE: Internet Explorer v7.00 (7.00.6000.16609)
      Boot mode: Normal

      Running processes:
      C:\Windows\system32\Dwm.exe
      C:\Windows\system32\taskeng.exe
      C:\Program Files\Windows Defender\MSASCui.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\HP\QuickPlay\QPService.exe
      C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
      C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
      C:\Program Files\Common Files\Real\Update_OB\realsched.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Windows Sidebar\sidebar.exe
      C:\Windows\ehome\ehtray.exe
      C:\Windows\System32\rundll32.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      C:\Windows\ehome\ehmsas.exe
      C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
      C:\Windows\System32\mobsync.exe
      C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqSTE08.exe
      C:\Program Files\Mozilla Firefox\firefox.exe
      C:\Windows\system32\WerCon.exe
      C:\Windows\system32\conime.exe
      C:\Windows\Explorer.exe
      C:\Windows\system32\SearchFilterHost.exe
      C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-notebook.msn.com&ocid=HPDHP&pc=HPNTDF
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      O1 - Hosts: ::1 localhost
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
      O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office12\GRA8E1~1.DLL
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
      O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
      O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
      O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
      O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
      O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
      O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
      O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
      O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
      O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
      O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
      O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
      O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      O4 - HKCU\..\Run: [cmds] rundll32.exe C:\Users\Daniel\AppData\Local\Temp\yaywv.dll,c
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
      O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpqtra08.exe
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
      O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
      O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
      O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
      O13 - Gopher Prefix:
      O15 - Trusted Zone: http://philil.officeisp.net
      O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://a1540.g.akamai.net/7/1540/52/20070711/qtinstall.info.apple.com/qtactivex/qtplugin.cab
      O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
      O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
      O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
      O17 - HKLM\System\CCS\Services\Tcpip\..\{B20E0201-901E-40BA-8665-5EA5122F6418}: NameServer = 212.27.32.176,212.27.32.177
      O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~3\Office12\GR99D3~1.DLL
      O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
      O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
      O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
      O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
      O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
      O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
      O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
      O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
      O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
      O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
      O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
      O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
      O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
      O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
      0
  4. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec vundofix (colle le rapport)

    Téléchargez VundoFix -> http://www.atribune.org/ccount/click.php?id=4

    * Ne clique pas sur "Scan for a vundo"
    * Clique droit au milieu de la fenêtre
    * Clique sur Add more files ?
    * Copie/colle les fichiers ci-dessous ( un par case) :

    C:\Users\Daniel\AppData\Local\Temp\yaywv.dll

    * Clique sur Add files
    * Ensuite clique sur Close Windows
    * Enfin, clique sur Remove Vundo ( les fichiers précédents doivent apparaitre dans la fenêtre principale)
    * Si l'outils demande un redémarrage, accepte
    * Poste le rapport Vundofix, ainsi qu'un nouveau log hijackthis
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. sacha63 Messages postés 150 Statut Membre
     
    Le scan est en cours, mais j'ai un autre problème : j'ai chopé le virus d'internet "qu'est-ce que tu fais sur ce site".
    C'est vraiment très embettant mais c'est sur un autre ordi (celui sur lequel je suis actuellement).
    Pouvez vous m'aider? J'ai déjà fais msn fix il me trouve quelque chose mais ne le supprime apparament pas.
    0
  7. sacha63 Messages postés 150 Statut Membre
     
    Je voulais dire le virus de msn.
    0
    1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
       
      sur le deuxieme ordi fais ceci

      Télécharge SDFix (créé par AndyManchesta) et sauvegarde le sur ton Bureau.
      http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
      Double clique sur SDFix.exe et choisis Install pour l'extraire dans un dossier dédié sur le Bureau. Redémarre ton ordinateur en mode sans échec en suivant la procédure que voici :
      • Redémarre ton ordinateur
      • Après avoir entendu l'ordinateur biper lors du démarrage, mais avant que l'icône Windows apparaisse, tapote la touche F8 (une pression par seconde).
      • A la place du chargement normal de Windows, un menu avec différentes options devrait apparaître.
      • Choisis la première option, pour exécuter Windows en mode sans échec, puis appuie sur "Entrée".
      • Choisis ton compte.
      Déroule la liste des instructions ci-dessous :
      • Ouvre le dossier SDFix qui vient d'être créé dans le répertoire C:\ et double clique sur RunThis.bat pour lancer le script.
      • Appuie sur Y pour commencer le processus de nettoyage.
      • Il va supprimer les services et les entrées du Registre de certains trojans trouvés puis te demandera d'appuyer sur une touche pour redémarrer.
      • Appuie sur une touche pour redémarrer le PC.
      • Ton système sera plus long pour redémarrer qu'à l'accoutumée car l'outil va continuer à s'exécuter et supprimer des fichiers.
      • Après le chargement du Bureau, l'outil terminera son travail et affichera Finished.
      • Appuie sur une touche pour finir l'exécution du script et charger les icônes de ton Bureau.
      • Les icônes du Bureau affichées, le rapport SDFix s'ouvrira à l'écran et s'enregistrera aussi dans le dossier SDFix sous le nom Report.txt.
      • Enfin, copie/colle le contenu du fichier Report.txt dans ta prochaine réponse sur le forum


      ___________

      puis scan avec MalwareByte's Anti-Malware

      https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
      0
  8. osama
     
    zoimal
    0
    1. sacha63 Messages postés 150 Statut Membre
       
      quoi zoimal
      0
  9. sacha63 Messages postés 150 Statut Membre
     
    Merci beaucoup de ta réponse!!
    Voici le rapport SDFix :

    [b]SDFix: Version 1.154 [/b]

    Run by Sacha on 09/03/2008 at 12:34

    Microsoft Windows XP [version 5.1.2600]
    Running From: C:\SDFix

    [b]Checking Services [/b]:

    Restoring Windows Registry Values
    Restoring Windows Default Hosts File

    Rebooting

    [b]Checking Files [/b]:

    Trojan Files Found:

    C:\DOCUME~1\Sacha\LOCALS~1\Temp\services.exe - Deleted

    Removing Temp Files

    [b]ADS Check [/b]:

    [b]Final Check [/b]:

    catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-09 13:02:32
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden services & system hive ...

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
    "s1"=dword:bea2b7a1
    "s2"=dword:1a7e0645
    "h0"=dword:00000001

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:a9,f6,7f,4e,ba,3c,06,9d,1d,84,68,7c,50,63,51,b9,f0,3c,5b,b3,68,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,85,5f,bf,cb,32,05,11,d1,8d,b0,04,be,83,30,d2,b7,7b,..
    "khjeh"=hex:b8,3a,91,2b,1c,df,2c,f9,d2,f2,34,be,4a,34,d7,e9,07,b5,1c,e6,e4,..

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:46,ce,b4,91,83,6d,ee,73,6f,b7,33,4a,6e,49,9d,0b,5a,0b,7c,82,5d,..
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
    "h0"=dword:00000000
    "khjeh"=hex:a9,f6,7f,4e,ba,3c,06,9d,1d,84,68,7c,50,63,51,b9,f0,3c,5b,b3,68,..
    "p0"="C:\Program Files\DAEMON Tools\"

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
    "a0"=hex:20,01,00,00,85,5f,bf,cb,32,05,11,d1,8d,b0,04,be,83,30,d2,b7,7b,..
    "khjeh"=hex:b8,3a,91,2b,1c,df,2c,f9,d2,f2,34,be,4a,34,d7,e9,07,b5,1c,e6,e4,..

    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
    "khjeh"=hex:46,ce,b4,91,83,6d,ee,73,6f,b7,33,4a,6e,49,9d,0b,5a,0b,7c,82,5d,..

    scanning hidden registry entries ...

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher]
    "TracesProcessed"=dword:0000009d

    scanning hidden files ...

    scan completed successfully
    hidden processes: 0
    hidden services: 0
    hidden files: 149

    [b]Remaining Services [/b]:

    Authorized Application Key Export:

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "C:\\Program Files\\Freeplayer\\vlc\\vlc.exe"="C:\\Program Files\\Freeplayer\\vlc\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
    "C:\\Program Files\\BitSpirit\\BitSpirit.exe"="C:\\Program Files\\BitSpirit\\BitSpirit.exe:*:Enabled:The powerful and easy-to-use BitTorrent Client"
    "C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
    "C:\\Documents and Settings\\Sacha\\Bureau\\Nouveau dossier (2)\\warsow.exe"="C:\\Documents and Settings\\Sacha\\Bureau\\Nouveau dossier (2)\\warsow.exe:*:Enabled:Warsow"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
    "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"="C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe:*:Enabled:Java(TM) 2 Platform Standard Edition binary"
    "C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\eChanblard\\emule.exe"="C:\\Program Files\\eChanblard\\emule.exe:*:Enabled:eMule"
    "C:\\Documents and Settings\\Sacha\\Bureau\\emule.exe"="C:\\Documents and Settings\\Sacha\\Bureau\\emule.exe:*:Enabled:eMule"
    "C:\\Program Files\\adslTV\\adsltv.exe"="C:\\Program Files\\adslTV\\adsltv.exe:*:Enabled:adsltv"
    "C:\\Program Files\\Quake III Arena\\quake3.exe"="C:\\Program Files\\Quake III Arena\\quake3.exe:*:Enabled:quake3"
    "C:\\Program Files\\The All-Seeing Eye\\eye.exe"="C:\\Program Files\\The All-Seeing Eye\\eye.exe:*:Enabled:Yahoo! All-Seeing Eye"
    "C:\\quake3.exe"="C:\\quake3.exe:*:Enabled:quake3"
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"="C:\\WINDOWS\\system32\\PnkBstrA.exe:*:Enabled:PnkBstrA"
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"="C:\\WINDOWS\\system32\\PnkBstrB.exe:*:Enabled:PnkBstrB"
    "C:\\Program Files\\Download Express\\dep.exe"="C:\\Program Files\\Download Express\\dep.exe:*:Enabled:Browser download plugin"
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"="C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM)"
    "C:\\Program Files\\CAPCOM\\LOST_PLANET_TRIAL_DX9\\LostPlanetDX9.exe"="C:\\Program Files\\CAPCOM\\LOST_PLANET_TRIAL_DX9\\LostPlanetDX9.exe:*:Enabled:LostPlanetDX9"
    "C:\\Program Files\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"="C:\\Program Files\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe:*:Enabled:Unreal Tournament 3"
    "C:\\Program Files\\FlashGet\\flashget.exe"="C:\\Program Files\\FlashGet\\flashget.exe:*:Enabled:Flashget"
    "C:\\Program Files\\uTorrent\\uTorrent.exe"="C:\\Program Files\\uTorrent\\uTorrent.exe:*:Enabled:æTorrent"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"
    "C:\\Program Files\\UT2004\\System\\UT2004.exe"="C:\\Program Files\\UT2004\\System\\UT2004.exe:*:Enabled:UT2004"
    @=""
    "C:\\DOCUME~1\\Sacha\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\Sacha\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Media"

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
    "%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"="C:\\Program Files\\Windows Live\\Messenger\\livecall.exe:*:Enabled:Windows Live Messenger (Phone)"

    [b]Remaining Files [/b]:

    File Backups: - C:\SDFix\backups\backups.zip

    [b]Files with Hidden Attributes [/b]:

    Mon 28 Jan 2008 1,404,240 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SDUpdate.exe"
    Mon 28 Jan 2008 5,146,448 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe"
    Mon 28 Jan 2008 2,097,488 A.SHR --- "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
    Tue 12 Sep 2006 8 ..SHR --- "C:\WINDOWS\system32\8594BA75C9.sys"
    Tue 12 Sep 2006 2,828 A.SH. --- "C:\WINDOWS\system32\KGyGaAvL.sys"
    Mon 24 Sep 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
    Tue 26 Feb 2008 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
    Mon 24 Sep 2007 0 A..H. --- "C:\WINDOWS\SoftwareDistribution\Download\778fd2fc3fe6b905e366b5ddbba384c8\BITA.tmp"
    Sun 9 Mar 2008 0 A..H. --- "C:\WINDOWS.0\SoftwareDistribution\Download\585dc2612ebcefc90e7dee4c276ee95e\BIT2.tmp"
    Thu 28 Feb 2008 0 A..H. --- "C:\WINDOWS.0\SoftwareDistribution\Download\f7db876e78b88fd8276fd7d29cb7e4eb\BIT1.tmp"
    Mon 22 Oct 2007 1,776 ...HR --- "C:\Documents and Settings\Sacha\Application Data\SecuROM\UserData\securom_v7_01.bak"

    [b]Finished![/b]

    et celui de MalwareByte's Anti-Malware (j'ai fait un examen complet)

    Malwarebytes' Anti-Malware 1.07
    Version de la base de données: 470

    Type de recherche: Examen complet (C:\|F:\|)
    Eléments examinés: 112203
    Temps écoulé: 40 minute(s), 41 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    Télécharge Combofix de sUBs : Renomme le avant toute installation, par exemple, nomme le "KillBagle". aide ici : https://forum.pcastuces.com/sujet.asp?f=25&s=37315

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    Sauvegarde le sur ton bureau et pas ailleurs !

    Aide à l’utilisation de combofix ici: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

    Double-clic sur combofix, Il va te poser une question, réponds par la touche 1 et entrée pour valider, laisse toi guider.
    Attends que combofix ait terminé, un rapport sera créé. Poste le rapport.
    0
  11. sacha63 Messages postés 150 Statut Membre
     
    Voilà le rapport :
    ComboFix 08-03-08.2 - Sacha 2008-03-09 15:43:50.1 - NTFSx86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.331 [GMT 1:00]
    Endroit: C:\Documents and Settings\Sacha\Bureau\Combo-Fix.exe
    * Création d'un nouveau point de restauration

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .

    ((((((((((((((((((((((((((((( Fichiers créés 2008-02-09 to 2008-03-09 ))))))))))))))))))))))))))))))))))))
    .

    2008-03-09 13:11 . 2008-03-09 13:54 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
    2008-03-09 13:11 . 2008-03-09 13:11 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Malwarebytes
    2008-03-09 13:11 . 2008-03-09 13:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    2008-03-09 12:30 . 2008-03-09 12:31 <REP> d-------- C:\WINDOWS\ERUNT
    2008-03-09 12:26 . 2008-03-09 13:06 <REP> d----c--- C:\SDFix
    2008-03-08 20:55 . 2008-03-08 20:55 <REP> d-------- C:\Program Files\Avira
    2008-03-08 20:50 . 2008-03-08 20:51 <REP> d-------- C:\MSNFix
    2008-03-08 13:37 . 2008-03-08 13:37 <REP> d-------- C:\Program Files\Vista Start Menu
    2008-03-08 13:37 . 2008-03-08 22:13 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Vista Start Menu
    2008-03-08 13:33 . 2008-03-08 13:33 <REP> d-------- C:\Program Files\Shock Utility
    2008-03-03 22:23 . 2008-03-03 22:21 691,545 --a------ C:\WINDOWS\unins000.exe
    2008-03-03 22:23 . 2008-03-03 22:23 2,549 --a------ C:\WINDOWS\unins000.dat
    2008-03-02 22:05 . 2008-03-02 22:05 <REP> d-------- C:\Program Files\NFO viewer
    2008-02-29 02:44 . 2008-02-29 02:44 <REP> d----c--- C:\MM_APP_PATH
    2008-02-29 02:38 . 2008-02-29 02:44 <REP> d-------- C:\Program Files\DFX
    2008-02-29 02:37 . 2008-02-29 02:44 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DFX
    2008-02-29 00:14 . 2008-02-29 00:14 <REP> d-------- C:\Documents and Settings\Administrateur.PC-ADMIN\Contacts
    2008-02-28 23:46 . 2008-02-28 23:46 <REP> d-------- C:\Program Files\CDBurnerXP
    2008-02-28 23:43 . 2008-02-28 23:43 <REP> d-------- C:\Documents and Settings\Administrateur.PC-ADMIN\Application Data\TuneUp Software
    2008-02-28 00:20 . 2008-02-28 23:37 <REP> d-------- C:\Documents and Settings\Administrateur.PC-ADMIN\Application Data\uTorrent
    2008-02-28 00:10 . 2008-02-28 00:10 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Talkback
    2008-02-28 00:08 . 2008-02-28 00:08 <REP> d-------- C:\Program Files\mozilla.org
    2008-02-27 23:46 . 2008-02-27 23:46 <REP> d-------- C:\Documents and Settings\NetworkService\Application Data\Intel
    2008-02-27 23:46 . 2008-02-27 23:46 <REP> d-------- C:\Documents and Settings\NetworkService.AUTORITE NT\Application Data\Intel
    2008-02-27 23:46 . 2008-02-27 23:46 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\Intel
    2008-02-27 23:46 . 2008-02-27 23:46 <REP> d-------- C:\Documents and Settings\LocalService.AUTORITE NT\Application Data\Intel
    2008-02-27 23:46 . 2008-02-27 23:46 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS.0\Application Data\Intel
    2008-02-27 23:46 . 2008-02-27 23:46 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Intel
    2008-02-27 23:46 . 2008-02-27 23:46 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
    2008-02-27 23:46 . 2008-02-27 23:46 <REP> d-------- C:\Documents and Settings\Administrateur.PC-ADMIN\Application Data\Intel
    2008-02-27 23:07 . 2008-03-09 14:26 <REP> d-------- C:\Program Files\eMule
    2008-02-27 22:58 . 2008-02-27 18:38 <REP> d--h----- C:\Documents and Settings\Administrateur.PC-ADMIN\Voisinage réseau
    2008-02-27 22:58 . 2008-02-27 18:38 <REP> d--h----- C:\Documents and Settings\Administrateur.PC-ADMIN\Voisinage d'impression
    2008-02-27 22:58 . 2008-02-27 22:45 <REP> d--h----- C:\Documents and Settings\Administrateur.PC-ADMIN\Modèles
    2008-02-27 22:58 . 2008-02-29 00:24 <REP> dr------- C:\Documents and Settings\Administrateur.PC-ADMIN\Mes documents
    2008-02-27 22:58 . 2008-03-09 03:55 <REP> dr------- C:\Documents and Settings\Administrateur.PC-ADMIN\Menu Démarrer
    2008-02-27 22:58 . 2008-02-27 22:59 <REP> dr------- C:\Documents and Settings\Administrateur.PC-ADMIN\Favoris
    2008-02-27 22:58 . 2008-02-29 00:27 <REP> d-------- C:\Documents and Settings\Administrateur.PC-ADMIN\Bureau
    2008-02-27 22:55 . 2007-10-28 22:24 <REP> d-------- C:\Program Files\Lavalys
    2008-02-27 22:55 . 2008-02-27 22:55 <REP> d-------- C:\Program Files\K-Lite Codec Pack
    2008-02-27 22:49 . 2008-02-27 22:49 <REP> d-------- C:\Program Files\Foxit
    2008-02-27 22:48 . 2008-02-27 22:48 <REP> d--hs---- C:\Documents and Settings\All Users.WINDOWS.0\DRM
    2008-02-27 22:15 . 2008-02-27 22:15 <REP> d----c--- C:\SWSETUP
    2008-02-27 21:46 . 2000-03-23 12:50 446,464 -ra------ C:\WINDOWS\system32\hhactivex.dll
    2008-02-27 21:46 . 1999-05-07 13:24 414,944 --a------ C:\WINDOWS\system32\COMCT332.OCX
    2008-02-27 21:46 . 1998-11-10 10:46 328,480 --a------ C:\WINDOWS\system32\ssa3d30.ocx
    2008-02-27 21:46 . 2002-01-08 17:00 176,128 --a------ C:\WINDOWS\system32\RcdScan.dll
    2008-02-27 21:46 . 2001-08-22 08:42 13,632 --------- C:\WINDOWS\system32\drivers\omci.sys
    2008-02-27 21:27 . 2008-02-27 21:27 <REP> d-------- C:\Program Files\Intel Desktop Boards
    2008-02-27 20:44 . 2008-02-27 20:44 <REP> d-------- C:\Program Files\Intel Desktop Board
    2008-02-27 18:38 . 2008-02-27 18:38 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS.0\Voisinage réseau
    2008-02-27 18:38 . 2008-02-27 18:38 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS.0\Voisinage d'impression
    2008-02-27 18:38 . 2008-02-27 22:45 <REP> d--h----- C:\Documents and Settings\Default User.WINDOWS.0\Modèles
    2008-02-27 18:38 . 2008-02-27 18:38 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS.0\Mes documents
    2008-02-27 18:38 . 2008-02-27 18:38 <REP> dr------- C:\Documents and Settings\Default User.WINDOWS.0\Menu Démarrer
    2008-02-27 18:38 . 2008-02-27 22:53 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS.0\Favoris
    2008-02-27 18:38 . 2008-02-27 18:38 <REP> d-------- C:\Documents and Settings\Default User.WINDOWS.0\Bureau
    2008-02-27 18:38 . 2008-02-27 18:38 <REP> d--h----- C:\Documents and Settings\All Users.WINDOWS.0\Modèles
    2008-02-27 18:38 . 2008-02-27 22:49 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS.0\Menu Démarrer
    2008-02-27 18:38 . 2008-02-27 18:38 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Favoris
    2008-02-27 18:38 . 2008-02-27 22:48 <REP> dr------- C:\Documents and Settings\All Users.WINDOWS.0\Documents
    2008-02-27 18:38 . 2008-02-29 00:23 <REP> d-------- C:\Documents and Settings\All Users.WINDOWS.0\Bureau
    2008-02-27 18:26 . 2008-03-09 03:52 <REP> d----c--- C:\WINDOWS.0
    2008-02-27 17:20 . 2008-02-29 00:04 <REP> d--hsc--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
    2008-02-27 16:39 . 2008-02-27 16:39 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Astroburn
    2008-02-27 16:39 . 2008-02-27 16:39 <REP> d----c--- C:\DAEMON Tools
    2008-02-27 16:38 . 2008-02-28 23:53 <REP> d-------- C:\Program Files\Astroburn
    2008-02-27 16:29 . 2008-02-27 16:29 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\DAEMON Tools
    2008-02-27 15:16 . 2007-05-07 11:15 5,398,528 --a------ C:\WINDOWS\system32\IDTSG.cpl
    2008-02-27 15:16 . 2007-05-06 17:10 405,504 --a------ C:\WINDOWS\sttray.exe
    2008-02-27 15:16 . 2007-05-06 17:11 94,208 --a------ C:\WINDOWS\system32\stacsv.exe
    2008-02-27 15:16 . 2005-12-02 17:38 41,728 --a------ C:\WINDOWS\system32\drivers\sfng32.sys
    2008-02-27 15:15 . 2008-02-27 15:15 <REP> d-------- C:\Program Files\SigmaTel
    2008-02-27 15:12 . 2008-02-27 15:12 <REP> d-------- C:\Program Files\Logitech
    2008-02-27 15:12 . 2008-02-27 15:12 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
    2008-02-27 15:02 . 2008-03-08 23:46 69 --a------ C:\WINDOWS\NeroDigital.ini
    2008-02-27 14:58 . 2008-02-27 14:58 <REP> d-------- C:\Program Files\Driver Magician
    2008-02-27 14:58 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\system32\XceedCry.dll
    2008-02-27 14:58 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\system32\XCEEDZIP.DLL
    2008-02-27 14:58 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\system32\Tabctl32.ocx
    2008-02-27 14:58 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\system32\xcdsfx32.bin
    2008-02-27 14:55 . 2008-02-12 15:16 717,016 -ra------ C:\WINDOWS\system32\drivers\cfosspeed.sys
    2008-02-27 14:54 . 2008-03-09 15:47 <REP> d-------- C:\Program Files\cFosSpeed
    2008-02-27 14:54 . 2008-02-12 15:16 285,912 --a------ C:\WINDOWS\system32\cfosspeed.dll
    2008-02-27 14:52 . 2008-02-27 14:52 <REP> d-------- C:\Program Files\MSN Password Recovery
    2008-02-27 14:32 . 2008-02-28 19:48 <REP> d-------- C:\Program Files\uTorrent
    2008-02-27 14:31 . 2008-03-09 15:46 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\uTorrent
    2008-02-26 19:54 . 2008-02-26 19:54 <REP> d-------- C:\Documents and Settings\Sacha\Application Data\Nero
    2008-02-26 19:51 . 2008-02-26 19:51 <REP> d-------- C:\Program Files\Nero
    2008-02-26 19:51 . 2008-02-26 19:53 <REP> d-------- C:\Program Files\Fichiers communs\Nero
    2008-02-26 19:51 . 2008-02-26 19:51 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
    2008-02-26 04:28 . 2008-02-26 04:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Kaspersky Lab Setup Files
    2008-02-26 04:24 . 2008-02-26 04:24 <REP> d-------- C:\Documents and Settings\All Users\Application Data\nView_Profiles
    2008-02-26 03:34 . 2008-02-26 04:23 <REP> d-------- C:\WINDOWS\nview
    2008-02-26 03:34 . 2006-04-25 11:28 208,896 --a------ C:\WINDOWS\system32\nvudisp.exe
    2008-02-26 03:34 . 2008-03-09 13:07 51,048 --a------ C:\WINDOWS\system32\nvapps.xml
    2008-02-26 03:34 . 2006-04-25 11:28 16,960 --a------ C:\WINDOWS\system32\nvdisp.nvu
    2008-02-26 01:42 . 2008-02-26 01:42 6,912,054 --a------ C:\WINDOWS\BricoPack Wallpaper.bmp
    2008-02-26 01:42 . 2008-02-26 01:42 60,346 --a------ C:\WINDOWS\BricoPackUninst.cmd
    2008-02-26 01:35 . 2008-02-26 01:42 6,114 --a------ C:\WINDOWS\BricoPackFoldersDelete.cmd

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2008-03-08 19:55 --------- d-----w C:\Documents and Settings\All Users\Application Data\Avira
    2008-03-08 19:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
    2008-03-08 00:03 --------- d-----w C:\Documents and Settings\Sacha\Application Data\dvdcss
    2008-03-03 21:55 --------- d-----w C:\Program Files\Spybot - Search & Destroy
    2008-02-29 01:43 --------- d-----w C:\Program Files\Fichiers communs\Wise Installation Wizard
    2008-02-28 23:22 --------- d-----w C:\Program Files\Messenger Plus! Live
    2008-02-27 23:43 --------- d-----w C:\Program Files\DAEMON Tools
    2008-02-27 21:45 --------- d-----w C:\Program Files\Windows Media Connect 2
    2008-02-27 20:53 7,061 ----a-w C:\WINDOWS\system32\drivers\sthdae.log
    2008-02-27 20:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
    2008-02-27 15:26 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
    2008-02-27 14:14 --------- d-----w C:\Program Files\DIFX
    2008-02-26 00:42 219,648 ----a-w C:\WINDOWS\system32\uxtheme.dll
    2008-02-25 21:42 --------- d-----w C:\Documents and Settings\Sacha\Application Data\vlc
    2008-02-25 19:39 --------- d-----w C:\Program Files\Intel
    2008-02-25 19:04 --------- d-----w C:\Program Files\DivX
    2008-02-25 18:59 --------- d-----w C:\Program Files\Lavasoft
    2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
    2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
    2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
    2007-11-21 16:11 29,959 ----a-w C:\Documents and Settings\Sacha\Application Data\serial2.dat
    2007-11-21 07:23 22,328 -c--a-w C:\Documents and Settings\Sacha\Application Data\PnkBstrK.sys
    2006-09-12 20:07 8 -csh--r C:\WINDOWS\system32\8594BA75C9.sys
    2006-09-12 20:07 2,828 -csha-w C:\WINDOWS\system32\KGyGaAvL.sys
    .

    ------- Sigcheck -------

    2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\explorer.exe
    2007-06-13 14:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
    2004-08-10 12:00 1036288 4c33e5b9a6197b6ed215f6cfba0a2daa C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
    2007-06-13 14:22 979456 80a5400514eb32d393654768c4017e46 C:\WINDOWS\system32\dllcache\explorer.exe
    .
    ((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    REGEDIT4
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
    "msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]
    "ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-09-11 05:56 86960]
    "ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 10:50 205480]
    "VistaStartMenu"="C:\Program Files\Vista Start Menu\VistaStartMenu.exe" [2007-12-12 12:53 1704624]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-10-19 20:16 286720]
    "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
    "NVHotkey"="nvHotkey.dll" [2006-05-01 15:46 73728 C:\WINDOWS\system32\nvhotkey.dll]
    "IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-03-06 21:47 819200]
    "IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-03-06 21:44 970752]
    "nwiz"="nwiz.exe" [2006-04-25 11:28 1519616 C:\WINDOWS\system32\nwiz.exe]
    "cFosSpeed"="C:\Program Files\cFosSpeed\cFosSpeed.exe" [2008-02-12 15:16 863448]
    "SigmatelSysTrayApp"="stsystra.exe" [2005-08-24 07:42 393216 C:\WINDOWS\stsystra.exe]
    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-04-25 11:28 7573504]
    "avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-08 23:39 249896]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 12:00 15360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
    "InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

    [HKLM\~\startupfolder\C:^Documents and Settings^Sacha^Menu Démarrer^Programmes^Démarrage^RocketDock.lnk]
    path=C:\Documents and Settings\Sacha\Menu Démarrer\Programmes\Démarrage\RocketDock.lnk
    backup=C:\WINDOWS\pss\RocketDock.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sacha^Menu Démarrer^Programmes^Démarrage^TransBar.lnk]
    path=C:\Documents and Settings\Sacha\Menu Démarrer\Programmes\Démarrage\TransBar.lnk
    backup=C:\WINDOWS\pss\TransBar.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sacha^Menu Démarrer^Programmes^Démarrage^UberIcon.lnk]
    path=C:\Documents and Settings\Sacha\Menu Démarrer\Programmes\Démarrage\UberIcon.lnk
    backup=C:\WINDOWS\pss\UberIcon.lnkStartup

    [HKLM\~\startupfolder\C:^Documents and Settings^Sacha^Menu Démarrer^Programmes^Démarrage^Y'z Shadow.lnk]
    path=C:\Documents and Settings\Sacha\Menu Démarrer\Programmes\Démarrage\Y'z Shadow.lnk
    backup=C:\WINDOWS\pss\Y'z Shadow.lnkStartup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdVantage]
    C:\Program Files\AdVantage\AdVantage.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Anti-Blaxx Manager]
    C:\Program Files\Anti-Blaxx 1.18\Anti-Blaxx.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    --a------ 2007-09-20 15:35 202024 C:\Program Files\Fichiers communs\Nero\Lib\NMBgMonitor.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    --a------ 2007-12-15 11:02 482760 C:\Program Files\DAEMON Tools\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
    --a------ 2007-09-20 09:51 1836328 C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    --a------ 2007-03-01 15:57 153136 C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VirusKeeper]
    C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Logitech Utility"=Logi_MwX.Exe
    "NvCplDaemon"=RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "C:\\Program Files\\Messenger\\msmsgs.exe"=
    "C:\\WINDOWS\\system32\\rtcshare.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
    "C:\\Program Files\\Java\\jre1.5.0_10\\bin\\javaw.exe"=
    "C:\\Program Files\\eMule\\emule.exe"=
    "C:\\Program Files\\The All-Seeing Eye\\eye.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "C:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "C:\\Program Files\\Internet Explorer\\iexplore.exe"=
    "C:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
    "C:\\Program Files\\Unreal Tournament 3 (LG)\\Binaries\\UT3.exe"=
    "C:\\Program Files\\FlashGet\\flashget.exe"=
    "C:\\Program Files\\uTorrent\\uTorrent.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
    "C:\\Program Files\\UT2004\\System\\UT2004.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "7561:TCP"= 7561:TCP:TCP
    "7571:TCP"= 7571:TCP:UDP
    "56127:TCP"= 56127:TCP:TCP
    "56127:UDP"= 56127:UDP:UDP

    R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-12 22:27]
    R2 UxTuneUp;TuneUp Extension de thème;C:\WINDOWS\System32\svchost.exe [2004-08-10 12:00]
    R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-12 22:29]
    S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\WINDOWS\System32\TuneUpDefragService.exe [2008-02-25 22:12]
    S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 21:58]
    S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 22:08]
    S4 Boonty Games;Boonty Games;"C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" []

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
    UxTuneUp

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{082bbfae-7c1f-11dc-955d-0015c53dff42}]
    \Shell\AutoRun\command - E:\Autorun.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3768c380-4173-11db-94a8-0015c548f211}]
    \Shell\AutoRun\command - E:\OblivionLauncher.exe

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3bd9ae3b-1b81-11dc-9521-0015c548f211}]
    \Shell\AutoRun\command - F:\autorunner.exe "autorun.exe"

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{eee44694-4293-11db-94ad-0015c548f211}]
    \Shell\AutoRun\command - G:\autorun.exe

    .
    Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
    "2007-11-27 14:37:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
    - C:\Program Files\Apple Software Update\SoftwareUpdate.exe
    "2008-03-07 16:24:48 C:\WINDOWS\Tasks\Maintenance en 1 clic.job"
    - C:\Program Files\TuneUp Utilities 2008\OneClick.exe
    .
    **************************************************************************

    catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2008-03-09 15:47:46
    Windows 5.1.2600 Service Pack 2 NTFS

    Balayage processus cachés ...

    Balayage caché autostart entries ...

    Balayage des fichiers cachés ...

    Scan terminé avec succès
    Les fichiers cachés: 0

    **************************************************************************
    .
    Temps d'accomplissement: 2008-03-09 15:48:49
    .
    2008-02-26 18:39:02 --- E O F ---
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle le rapport d'un scan en ligne
    avec un des suivants:

    bitdefender en ligne :
    http://www.bitdefender.fr/scan_fr/scan8/ie.html

    Panda en ligne :
    http://pandasoftware.fr

    ______________

    refais
    MalwareByte's Anti-Malware car tu as ignoré ce qui a été trouvé puis recolle mois un rapport hijakhcits et dis tes soucis actuels
    0
  13. sacha63 Messages postés 150 Statut Membre
     
    Voilà mon rapport BitDefender :

    <HTML>
    <HEAD>
    <TITLE>BitDefender Online Scanner - Rapport d'analyse</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    </HEAD>
    <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >

    <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
    <tr>
    <td width="458">
    <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender Online Scanner</b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>
    <tr>
    <td colspan="3" width="912">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Rapport d'analyse généré à: Sun, Mar 09, 2008 - 17:16:07</b></span></font></p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Voie d'analyse: </b></span><span style="font-size:10pt;">C:\;D:\;E:\;F:\;</span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Statistiques</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Temps</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">00:32:08</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">100943</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Directoires</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">8606</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Secteurs de boot</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">5</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">1525</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Paquets programmes</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">9133</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Résultats</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Virus identifiés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">5</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers infectés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">5</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers suspects</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Avertissements</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Désinfectés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Fichiers effacés</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">6</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Info sur les moteurs</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Définition virus</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">986246</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Version des moteurs</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">16</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archive des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">41</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Unpack des plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">7</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">E-mail plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">6</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Système plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">5</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Paramètres d'analyse</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Première action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Désinfecté</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Seconde Action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Heuristique</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Acceptez les avertissements</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Extensions analysées</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">exe;com;dll;ocx;scr;bin;dat;386;vxd;sys;wdm;cla;class;ovl;ole;hlp;doc;dot;xls;ppt;wbk;wiz;pot;ppa;xla;xlt;vbs;vbe;mdb;rtf;htm;hta;html;xml;xtp;php;asp;js;shs;chm;lnk;pif;prc;url;smm;pfd;msi;ini;csc;cmd;bas;</font></p>
    </td>
    </tr>

    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Excludez les extensions</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2"> </font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse d'emails</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyser paquets programmes</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse des fichiers</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Analyse de boot</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Oui</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td colspan=2>  
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="252" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Fichier analysé</b></font></p>
    </td>
    <td width="195" bgcolor="#CCCCCC" align="right">
    <p align="left"><b><font size="2" face="Arial"> Statut</font></b></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Program Files\AxBx\PC Security Test 2007\files\spyware.dat=>(Quarantine-PE)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Application.VTesttool.A</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Program Files\AxBx\PC Security Test 2007\files\spyware.dat=>(Quarantine-PE)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Program Files\AxBx\PC Security Test 2007\files\virus1.dat=>(Quarantine-PE)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Application.VTesttool.B</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Program Files\AxBx\PC Security Test 2007\files\virus1.dat=>(Quarantine-PE)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Program Files\AxBx\PC Security Test 2007\files\virus3.dat=>(Quarantine-PE)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Détecté avec: Application.VTesttool.C</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Program Files\AxBx\PC Security Test 2007\files\virus3.dat=>(Quarantine-PE)</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Supprimé</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\WINDOWS\system32\sens.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: Trojan.Patched.BD</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\WINDOWS\system32\sens.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\WINDOWS\system32\sens.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la suppression</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\WINDOWS\system32\wups32.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infecté par: MemScan:Trojan.Agent.AHDK</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\WINDOWS\system32\wups32.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la désinfection</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\WINDOWS\system32\wups32.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Echec de la suppression</font></p>
    </td>
    </tr>
    </table>
    </td>

    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B> </b></span></font></p>
    </td>
    <td width="40%">
    <p> </p>
    </td>
    <td width="10%">
    <p> </p>
    </td>
    </tr>

    </table>
    <p> </p>

    </body>
    </html>

    Voilà celui de MalwareByte's Anti-Malware :

    Malwarebytes' Anti-Malware 1.07
    Version de la base de données: 470

    Type de recherche: Examen complet (C:\|F:\|)
    Eléments examinés: 112354
    Temps écoulé: 51 minute(s), 41 second(s)

    Processus mémoire infecté(s): 0
    Module(s) mémoire infecté(s): 0
    Clé(s) du Registre infectée(s): 6
    Valeur(s) du Registre infectée(s): 0
    Elément(s) de données du Registre infecté(s): 0
    Dossier(s) infecté(s): 0
    Fichier(s) infecté(s): 0

    Processus mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Module(s) mémoire infecté(s):
    (Aucun élément nuisible détecté)

    Clé(s) du Registre infectée(s):
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4d7b-9389-0f166788785a} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3dc201fb-e9c9-499c-a11f-23c360d7c3f8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63d0ed2c-b45b-4458-8b3b-60c69bbbd83c} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98d9753d-d73b-42d5-8c85-4469cda897ab} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ff05104-b030-46fc-94b8-81276e4e27df} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.

    Valeur(s) du Registre infectée(s):
    (Aucun élément nuisible détecté)

    Elément(s) de données du Registre infecté(s):
    (Aucun élément nuisible détecté)

    Dossier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Fichier(s) infecté(s):
    (Aucun élément nuisible détecté)

    Et enfin celui de HijackThis :

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 17:22:52, on 09/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Vista Start Menu\VistaStartMenu.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\eMule\emule.exe
    C:\WINDOWS\explorer.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab50997.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FFC1EA5D-EC53-4DAC-A524-E12A2B100FF8}: NameServer = 212.27.32.176,212.27.32.177
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    il me faudrait le rapport de bitdefender qui donne le nom des virus et les fichiers inféctés! sinon tu as des soucis
    0
  15. sacha63 Messages postés 150 Statut Membre
     
    Voilà le rapport de bitdefender :

    C:\WINDOWS\system32\sens.dll Infecté par : Trojan.Patched.BD
    Echec de la désinfection
    Echec de la supression

    C:\WINDOWS\system32\wups32.dll Echec de la désinfection
    Echec de la supression
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau.
    double-clique sur OTMoveIt.exe pour le lancer.
    copie la liste qui se trouve en citation ci-dessous,
    et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved.

    Citation :

    C:\Users\Daniel\AppData\Local\Temp\bsiphdct.dll
    C:\Users\Daniel\AppData\Local\Temp\cjbixdik.dll
    C:\Users\Daniel\AppData\Local\Temp\kovtkalx.dll
    C:\Users\Daniel\AppData\Local\Temp\yaywv.dll
    C:\Users\Daniel\AppData\Local\Temp\yvfflvpr.dll
    C:\Users\Daniel\AppData\Local\Temp\khhhf.dll
    C:\WINDOWS\system32\sens.dll
    C:\WINDOWS\system32\wups32.dll

    clique sur MoveIt! pour lancer la suppression.
    le résultat apparaitra dans le cadre "Results".
    clique sur Exit pour fermer.
    poste le rapport situé dans C:\_OTMoveIt\MovedFiles.

    il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

    __________________

    vire ce qui est dans le fichier otmovit en allant dans poste de travail puis c puis otmovit

    __________________

    Colle le rapport :
    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

     Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
     Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
     Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
    Manuel de clean :
    http://kerio.probb.fr/tuto-Clean-h37.html
    https://kerio.probb.fr/

    ____________________

    encore des soucis??? recolle un hijackhtis
    0
  17. sacha63 Messages postés 150 Statut Membre
     
    Voilà le rapport OTMoveIt

    File/Folder C:\Users\Daniel\AppData\Local\Temp\bsiphdct.dll not found.
    File/Folder C:\Users\Daniel\AppData\Local\Temp\cjbixdik.dll not found.
    File/Folder C:\Users\Daniel\AppData\Local\Temp\kovtkalx.dll not found.
    File/Folder C:\Users\Daniel\AppData\Local\Temp\yaywv.dll not found.
    File/Folder C:\Users\Daniel\AppData\Local\Temp\yvfflvpr.dll not found.
    File/Folder C:\Users\Daniel\AppData\Local\Temp\khhhf.dll not found.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\sens.dll
    C:\WINDOWS\system32\sens.dll NOT unregistered.
    C:\WINDOWS\system32\sens.dll moved successfully.
    DllUnregisterServer procedure not found in C:\WINDOWS\system32\wups32.dll
    C:\WINDOWS\system32\wups32.dll NOT unregistered.
    C:\WINDOWS\system32\wups32.dll moved successfully.

    OTMoveIt2 v1.0.20 log created on 03092008_211409

    Voilà le rapport clean (j'ai juste analysé pas nettoyer) :

    09/03/2008 a 21:45:25,46

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" FOUND
    "C:\WINDOWS\Downloaded Program Files\CONFLICT.2" FOUND

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !

    et le rapport HijackThis:

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 21:56:00, on 09/03/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.20733)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    C:\Program Files\cFosSpeed\spd.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\system32\HPZipm12.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
    C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
    C:\Program Files\cFosSpeed\cFosSpeed.exe
    C:\WINDOWS\stsystra.exe
    C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
    C:\Program Files\Vista Start Menu\VistaStartMenu.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Intel\Wireless\Bin\Dot1XCfg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Windows Live\Messenger\usnsvc.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\system32\NOTEPAD.EXE

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: flashget urlcatch - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\Program Files\FlashGet\jccatch.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
    O2 - BHO: FlashGet GetFlash Class - {F156768E-81EF-470C-9057-481BA8380DBA} - C:\Program Files\FlashGet\getflash.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [NVHotkey] rundll32.exe nvHotkey.dll,Start
    O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
    O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [cFosSpeed] C:\Program Files\cFosSpeed\cFosSpeed.exe
    O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
    O4 - HKCU\..\Run: [VistaStartMenu] "C:\Program Files\Vista Start Menu\VistaStartMenu.exe"
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O8 - Extra context menu item: &Tout télécharger avec FlashGet - C:\Program Files\FlashGet\jc_all.htm
    O8 - Extra context menu item: &Télécharger avec FlashGet - C:\Program Files\FlashGet\jc_link.htm
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra 'Tools' menuitem: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\Program Files\FlashGet\FlashGet.exe
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab50997.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
    O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/player/DivXBrowserPlugin.cab
    O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - https://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
    O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab50997.cab
    O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab55762.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
    O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{FFC1EA5D-EC53-4DAC-A524-E12A2B100FF8}: NameServer = 212.27.32.176,212.27.32.177
    O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
    O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\cFosSpeed\spd.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software GmbH - C:\WINDOWS\System32\TuneUpDefragService.exe
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok lance un nettoyage avec clean
    0
  19. sacha63 Messages postés 150 Statut Membre
     
    Ok, voilà le rapport :

    Script execute en mode sans echec
    Rapport clean par Malekal_morte - http://www.malekal.com
    Script execute en mode sans echec 09/03/2008 a 23:13:14,20

    Microsoft Windows XP [version 5.1.2600]

    *** Suppression des fichiers dans C:

    *** Suppression des fichiers dans C:\WINDOWS\

    *** Suppression des fichiers dans C:\WINDOWS\system32

    *** Suppression des fichiers dans C:\Program Files

    *** Suppression des clefs du registre effectuee..
    *** Fin du rapport !
    0
  20. sacha63 Messages postés 150 Statut Membre
     
    Et après, qu'est-ce que je dois faire??
    0
  21. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    colle un rapport antivir et dis tes soucis actuels
    0
  • 1
  • 2
  • 3