MSN virus

Closed
sped - 17 March 2008 at 20:08
sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008 - 5 April 2008 at 12:26
Hello, here is my problem on MSN: it sends http://msn.photo.iquebec.com/?photo to all my contacts
How do I get rid of it?
For info, I have avast
thanks

8 replies

^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
31 March 2008 at 20:32
Good evening

Hi tristan

Regarding

/!\ these files need an experienced opinion before any action

[C:\DOCUME~1\Didier\LOCALS~1\Temp\azplatform2_1.16.zip] ECDA1168AD8D8DEBD7A69C8B5B04DF6D
[C:\DOCUME~1\Didier\LOCALS~1\Temp\azupdater_1.8.8.zip] FE9F0AFA888DFF4FCF0AC6932C6B8CE0
[C:\DOCUME~1\Didier\LOCALS~1\Temp\azupnpav_0.2.0.zip] F26FD74D0FB64A779EFEB34AC6E6AC4D
[C:\deletedr.exe] 8A984E9032270A40C7E7FD10A5DCCEF2

==> Please send the file C:\DOCUME~1\Didier\Bureau\Upload_Me.zip to http://upload.changelog.fr


Follow the procedure given at this link ► http://www.infos-du-net.com/forum/272805-11-upload-fichiers-supects-msnfix

Next

Spyware Doctor
► trash

XP version ► unofficial

Windows Live Toolbar ► useless


1/ Download and install CCleaner
(careful during installation: remember to UNCHECK the installation of the Yahoo toolbar, which is discreetly offered alongside CCleaner).

http://www.clubic.com/lancer-le-telechargement-20932-0-ccleaner-crap-cleaner-.html

2/ Download AVG
https://www.avg.com/en-ww/free-antivirus-download
Launch AVG Anti-Spyware and click the Update button.
Then close it



3/ Restart in safe mode
(To do this: start the PC while tapping the F8 key on the keyboard until the Windows advanced options menu appears, then with the arrow keys select Safe Mode and press the Enter key...)
Careful, you have no Internet access in this mode, so write down or print the instructions that follow.
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php




4/ Launch HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then yes to the confirmation question

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://202.213.247.128/kxhcm10.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.122.199.237/activex/AMC.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://82.116.39.50/activex/AMC.cab





5/ Make sure you have access to hidden files.

(Start->My Computer->Tools->Folder Options...->View
"Show hidden files and folders" ->checked
"Hide extensions for known file types" ->unchecked)

7/ Launch CCleaner
then the Analyze button, then the Run Cleaner button

8/ Launch AVG
Launch AVG Anti-Spyware
Click the Scan button (in the toolbar)
Then on the "How to react" tab, click Recommended actions.
Go back to the Scan tab. Click Complete system scan.
/!\ If a file is infected at the end of the scan /!\
choose the option "Apply all actions" at the bottom.
Click "Save report" then "Save report as"
Save this text file on your desktop.
Copy/paste the report



9/ Restart normally

and post a new HijackThis report.

do you still have any malfunctions?


1
hello, thanks for your help but I have a small problem: when I restart in safe mode I have no access to HijackThis or CCleaner,
0
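Added example, not part of any post in this thread: a small Python parser for the HijackThis `F2` and `O4` lines listed in step 4 of the answer above, flagging autostart entries that run from a Temp folder, reuse a Windows system process name outside `system32`, or are appended to `UserInit`. The sample lines are copied from the thread; the function names and the short `SYSTEM_NAMES` list are assumptions made for this example.

```python
import ntpath  # Windows path handling that works on any OS
import re

# Windows processes that normally load from system32
# (short list assumed for this example, not exhaustive).
SYSTEM_NAMES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                "smss.exe", "csrss.exe", "userinit.exe"}

F2_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$", re.I)
O4_RE = re.compile(r"^O4 - (?P<key>\S+): \[(?P<name>[^\]]*)\] (?P<cmd>.*?)"
                   r"(?: \(User '[^']*'\))?$")
# First token of a command line: a quoted path, or everything up to the
# first executable extension (unquoted paths may contain spaces).
EXE_RE = re.compile(
    r'^"(?P<q>[^"]+)"|^(?P<u>.+?\.(?:exe|com|scr|bat|cmd|pif))(?=[\s,]|$)', re.I)

# Lines copied from the HijackThis entries quoted in the thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
"""


def extract_exe(cmd):
    """Return the executable part of an autostart command, or None."""
    m = EXE_RE.match(cmd.strip())
    if not m:
        return None
    return m.group("q") or m.group("u")


def reasons(path, from_userinit=False):
    """List the reasons an autostart target deserves a closer look."""
    p = path.lower()
    name = ntpath.basename(p)
    folder = ntpath.dirname(p)
    out = []
    if "\\temp\\" in p:
        out.append("runs from a Temp folder")
    # Only judge the folder when the entry gives a full path.
    if name in SYSTEM_NAMES and folder and not folder.endswith("\\system32"):
        out.append("system process name outside system32")
    # The default UserInit value starts userinit.exe and nothing else.
    if from_userinit and name != "userinit.exe":
        out.append("extra program appended to UserInit")
    return out


def review(log_text):
    """Return (entry, executable, reasons) for each flagged F2/O4 line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = F2_RE.match(line)
        if m:
            for part in m.group("value").split(","):
                exe = extract_exe(part)
                why = reasons(exe, from_userinit=True) if exe else []
                if why:
                    findings.append(("F2 UserInit", exe, why))
            continue
        m = O4_RE.match(line)
        if m:
            exe = extract_exe(m.group("cmd"))
            why = reasons(exe) if exe else []
            if why:
                entry = f"O4 {m.group('key')} [{m.group('name')}]"
                findings.append((entry, exe, why))
    return findings


if __name__ == "__main__":
    for entry, exe, why in review(SAMPLE_LOG):
        print(f"{entry}\n    {exe}\n    -> " + "; ".join(why))
```

Only the two entries that point at `Temp\services.exe` are reported; the other lines in the fix list are not flagged by these three checks.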
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
3 April 2008 at 10:24
Hi

Right, one of them is holding out, so we'll bring out the heavy artillery

1) Show hidden files and folders …
To do this, go into a folder, e.g. "My Pictures".
Then click > Tools > Folder Options ...
click the "View" tab and ...
check ---> Show hidden files and folders
uncheck > Hide extensions for known file types
uncheck > Hide protected operating system files (Recommended).
"Apply" and "OK".



Download ComboFix from one of these links:
First
http://download.bleepingcomputer.com/sUBs/ComboFix.exe



And importantly, save it to the desktop.

Before using ComboFix:

Disconnect from the internet and close the windows of all running programs.

Temporarily, and only while ComboFix is in use, disable the real-time protection of your antivirus and antispyware tools, which can seriously interfere with the tool's search and cleaning procedure.


Once that is done, double-click Combofix.exe on your desktop.

- Answer yes to the warning message so that the program starts analysing the PC.

/!\ During this step, do not use the PC and do not open any programs.

- At the end of the scan ComboFix may need to restart the PC to finish the disinfection\search; let it do so.

- A report will then open in Notepad; this report file, Combofix.txt, is automatically saved and stored at C:\Combofix.txt

Re-enable the real-time protection of your antivirus and antispyware tools before reconnecting to the internet.

► Come back to the forum, and copy and paste the entire contents of C:\Combofix.txt into your next message.

+ 1 HijackThis log

@++
1
sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008
3 April 2008 at 11:34
hello, here is the ComboFix report:

ComboFix 08-04-02.1 - Didier 2008-04-03 11:28:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.462 [GMT 2:00]
Endroit: C:\Documents and Settings\Didier\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu1423.exe
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\sysdm.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 20:36 . 2008-04-02 20:37 <REP> d-------- C:\MSNCleaner
2008-04-02 20:03 . 2008-04-02 20:03 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-02 20:01 . 2007-10-11 01:49 383,488 --a------ C:\WINDOWS\system32\SETDB.tmp
2008-04-01 12:14 . 2008-04-01 12:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-04-01 00:00 . 2008-04-01 00:00 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Grisoft
2008-04-01 00:00 . 2008-04-01 00:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 00:00 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-31 18:26 . 2008-04-01 17:22 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Oberon Media
2008-03-30 17:51 . 2008-03-30 17:53 <REP> d-------- C:\Program Files\SpywareBlaster
2008-03-30 17:51 . 2008-03-31 19:25 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 17:37 . 2008-03-30 17:37 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Uniblue
2008-03-29 21:01 . 2008-03-29 21:02 <REP> d-------- C:\Program Files\WorldUnlock Codes Calculator
2008-03-25 21:41 . 2008-03-25 21:41 152,064 --a------ C:\deletedr.exe
2008-03-25 21:40 . 2008-03-25 21:40 282,585 --a------ C:\MSNCleaner 1.5.6[www.msncreative.net].zip
2008-03-25 21:40 . 2008-03-25 21:40 2,074 --a------ C:\omg-fix12-en.reg
2008-03-25 21:40 . 2008-03-25 21:40 1,723 --a------ C:\omg-delete12-en.bat
2008-03-23 22:26 . 2008-03-23 22:57 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-22 19:08 . 2008-03-30 17:45 <REP> d-------- C:\Downloads
2008-03-21 22:52 . 2008-03-21 22:52 <REP> d-------- C:\Program Files\Anuman Interactive
2008-03-21 22:52 . 1997-02-25 15:55 351,344 --a------ C:\WINDOWS\system\LTKRN70W.DLL
2008-03-21 22:52 . 1997-02-19 12:04 172,784 --a------ C:\WINDOWS\system\LFCMP70W.DLL
2008-03-21 22:52 . 1997-07-14 18:30 97,498 --a------ C:\WINDOWS\system\WALKER.DLL
2008-03-21 22:52 . 1997-05-12 19:16 72,046 --a------ C:\WINDOWS\system\GFXAPI.DLL
2008-03-21 22:52 . 1997-03-03 13:04 37,712 --a------ C:\WINDOWS\system\LTFIL70W.DLL
2008-03-21 22:52 . 1997-02-19 11:55 17,424 --a------ C:\WINDOWS\system\LTTWN70W.DLL
2008-03-21 22:52 . 1997-02-19 11:56 11,760 --a------ C:\WINDOWS\system\LFBMP70W.DLL
2008-03-21 22:52 . 1997-07-16 13:00 7,088 --a------ C:\WINDOWS\system\LFIMG70W.DLL
2008-03-17 19:29 . 2008-04-02 18:26 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:59 . 2008-03-16 19:49 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-16 19:59 . 2008-03-16 19:59 2,556 --a------ C:\WINDOWS\unins000.dat
2008-03-16 14:30 . 2008-03-16 14:30 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 14:08 . 2008-03-16 14:08 1,597 --a------ C:\Reprendre les téléchargements Adobe.lnk
2008-03-16 14:07 . 2008-03-16 14:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-03-16 13:09 . 2008-03-16 13:09 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-15 13:01 . 2008-03-28 01:00 244 --ah----- C:\sqmnoopt19.sqm
2008-03-15 13:01 . 2008-03-28 01:00 232 --ah----- C:\sqmdata19.sqm
2008-03-15 12:49 . 2008-03-24 01:01 244 --ah----- C:\sqmnoopt18.sqm
2008-03-15 12:49 . 2008-03-24 01:01 232 --ah----- C:\sqmdata18.sqm
2008-03-15 12:40 . 2008-03-23 22:18 244 --ah----- C:\sqmnoopt17.sqm
2008-03-15 12:40 . 2008-03-23 22:18 232 --ah----- C:\sqmdata17.sqm
2008-03-15 12:21 . 2008-03-22 01:13 244 --ah----- C:\sqmnoopt16.sqm
2008-03-15 12:21 . 2008-03-22 01:13 232 --ah----- C:\sqmdata16.sqm
2008-03-15 12:18 . 2008-03-19 17:28 244 --ah----- C:\sqmnoopt15.sqm
2008-03-15 12:18 . 2008-03-19 17:28 232 --ah----- C:\sqmdata15.sqm
2008-03-15 12:13 . 2008-03-19 12:45 244 --ah----- C:\sqmnoopt14.sqm
2008-03-15 12:13 . 2008-03-19 12:45 232 --ah----- C:\sqmdata14.sqm
2008-03-15 12:04 . 2008-03-19 01:01 244 --ah----- C:\sqmnoopt13.sqm
2008-03-15 12:04 . 2008-03-19 01:01 232 --ah----- C:\sqmdata13.sqm
2008-03-15 11:59 . 2008-04-01 21:39 244 --ah----- C:\sqmnoopt12.sqm
2008-03-15 11:59 . 2008-04-01 21:39 232 --ah----- C:\sqmdata12.sqm
2008-03-15 11:42 . 2008-04-01 21:26 244 --ah----- C:\sqmnoopt11.sqm
2008-03-15 11:42 . 2008-04-01 21:26 232 --ah----- C:\sqmdata11.sqm
2008-03-15 04:08 . 2008-04-01 20:56 244 --ah----- C:\sqmnoopt10.sqm
2008-03-15 04:08 . 2008-04-01 20:56 232 --ah----- C:\sqmdata10.sqm
2008-03-14 19:55 . 2008-04-01 20:00 244 --ah----- C:\sqmnoopt09.sqm
2008-03-14 19:55 . 2008-04-01 20:00 232 --ah----- C:\sqmdata09.sqm
2008-03-14 13:25 . 2008-04-01 19:02 244 --ah----- C:\sqmnoopt08.sqm
2008-03-14 13:25 . 2008-04-01 19:02 232 --ah----- C:\sqmdata08.sqm
2008-03-14 01:11 . 2008-04-01 18:38 244 --ah----- C:\sqmnoopt07.sqm
2008-03-14 01:11 . 2008-04-01 18:38 232 --ah----- C:\sqmdata07.sqm
2008-03-13 15:41 . 2008-02-02 23:48 862 --a------ C:\WINDOWS\win.tmp
2008-03-13 15:41 . 2008-01-10 11:50 257 --a------ C:\WINDOWS\system.tmp
2008-03-13 15:38 . 2008-03-13 15:38 <REP> d-------- C:\Documents and Settings\Didier\Application Data\PC Tools
2008-03-13 01:10 . 2008-04-01 17:50 244 --ah----- C:\sqmnoopt06.sqm
2008-03-13 01:10 . 2008-04-01 17:50 232 --ah----- C:\sqmdata06.sqm
2008-03-13 01:09 . 2008-03-13 01:09 0 --a------ C:\WINDOWS\system32\real.MSNFix
2008-03-12 16:43 . 2008-03-12 16:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-12 16:16 . 2008-03-16 14:10 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-03-12 12:48 . 2008-04-01 17:38 244 --ah----- C:\sqmnoopt05.sqm
2008-03-12 12:48 . 2008-04-01 17:38 232 --ah----- C:\sqmdata05.sqm
2008-03-12 12:20 . 2007-10-30 19:20 360,064 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-03-12 12:05 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-12 12:05 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-12 12:05 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-11 12:21 . 2008-03-11 12:21 <REP> d-------- C:\Program Files\Avira
2008-03-11 12:21 . 2008-03-29 12:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-09 21:26 . 2008-04-02 18:27 <REP> d-------- C:\Program Files\adslTV
2008-03-09 17:03 . 2008-03-09 17:03 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Lavasoft
2008-03-03 12:00 . 2005-06-18 01:15 1,338,368 -ra------ C:\WINDOWS\system\SHDOCVW.DLL
2008-03-03 12:00 . 1998-06-24 00:00 209,192 -ra------ C:\WINDOWS\system\TABCTL32.OCX
2008-03-03 12:00 . 2005-09-20 19:52 203,976 -ra------ C:\WINDOWS\system\RICHTX32.OCX
2008-03-03 12:00 . 2004-03-09 17:45 152,848 -ra------ C:\WINDOWS\system\comdlg32.ocx
2008-03-03 12:00 . 2000-10-02 00:00 119,568 -ra------ C:\WINDOWS\system\VB6FR.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 09:22 --------- d-----w C:\Program Files\scan
2008-04-02 22:08 --------- d-----w C:\Documents and Settings\Didier\Application Data\Azureus
2008-04-02 19:12 --------- d-----w C:\Program Files\Windows Live
2008-04-02 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 17:49 --------- d-----w C:\Program Files\Cheat Engine
2008-04-02 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-30 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 16:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-25 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-16 17:40 --------- d-----w C:\Program Files\Google
2008-03-16 12:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-12 13:35 --------- d-----w C:\Program Files\Azureus
2008-03-09 19:26 --------- d-----w C:\Documents and Settings\Didier\Application Data\vlc
2008-03-09 15:03 --------- d-----w C:\Program Files\Ad-Aware
2008-03-04 15:38 --------- d-----w C:\Program Files\Free Download Manager
2008-02-28 17:26 --------- d-----w C:\Documents and Settings\Didier\Application Data\Windows Live Writer
2008-02-27 19:39 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 19:37 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-23 20:23 --------- d-----w C:\Program Files\StopClope
2008-02-15 10:50 --------- d-----w C:\Documents and Settings\Didier\Application Data\CamfrogWEB
2008-02-15 10:25 --------- d-----w C:\Program Files\Belltech Business Card Designer Pro
2008-02-10 11:07 --------- d-----w C:\Program Files\Warcraft III
2008-02-03 13:15 --------- d-----w C:\Program Files\Skyline
2008-02-03 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
2008-02-01 17:01 274,301 ----a-w C:\WINDOWS\DJ Music Mixer Uninstaller.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2006-10-08 23:18 145,920 ----a-w C:\WINDOWS\inf\hdaudio.sys
2006-07-29 17:18 112 --sha-w C:\WINDOWS\system32\Vistadrive\unistl.cmd
.

------- Sigcheck -------

2004-08-04 02:55 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe

2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-10-09 01:19 578048 c1ba2463a2689d0ee0375de076454248 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 02:54 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-10-09 01:26 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2006-10-09 01:16 506880 1d5b0b4d441f8543b0e899adadb83356 C:\WINDOWS\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-02-28 08:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-10-09 01:36 2060160 dba3f9a6c596dc9fa91e73e5dc05c152 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-10-09 01:24 2183168 3eaecccf7cdc8c871ac9f2faefdc42e9 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-10-04 09:05 3116032 70342280d7bac042be4afdedc81c1ce7 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23 36864]
"Vistadrv"="C:\Windows\System32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07 907264]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-02 20:18 144448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-29 12:39 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Flash Media"="C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe" [2008-03-05 19:43 64156]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2006-09-08 15:12 678912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52 180224]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23 36864]
"Vistadrv"="C:\Windows\System32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07 907264]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= avnotify.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
-r------- 2006-03-28 16:48 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2006-04-10 15:58 61440 C:\Program Files\Brother\ControlCenter3\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-07-26 17:52 184408 C:\Program Files\Executive Software\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 20:30 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-19 20:27 65536 C:\Program Files\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2004-02-25 17:15 454656 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-02-25 17:06 212992 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 20:17 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 19:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a------ 2005-08-12 20:52 180224 C:\Program Files\UberIcon\UberIcon Manager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\DOCUME~1\\Manon\\LOCALS~1\\Temp\\services.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"60958:TCP"= 60958:TCP:*:Disabled:Azureus
"56497:TCP"= 56497:TCP:Pando P2P TCP Listening Port
"56497:UDP"= 56497:UDP:Pando P2P UDP Listening Port
"60958:UDP"= 60958:UDP:*:Disabled:Azureus

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2006-10-09 01:30]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-09 01:30]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 20:13]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 02:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07123b0-71d9-11dc-9fd8-000129211807}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 11:30:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [1980]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-03 11:30:46
ComboFix-quarantined-files.txt 2008-04-03 09:30:36
Pre-Run: 103,822,528,512 octets libres
Post-Run: 103,812,317,184 octets libres
.
2008-04-02 17:55:06 --- E O F ---

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Didier\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.122.199.237/activex/AMC.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008
3 April 2008 at 11:34
Hello, here is the ComboFix report:

ComboFix 08-04-02.1 - Didier 2008-04-03 11:28:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.462 [GMT 2:00]
Endroit: C:\Documents and Settings\Didier\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu1423.exe
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\sysdm.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 20:36 . 2008-04-02 20:37 <REP> d-------- C:\MSNCleaner
2008-04-02 20:03 . 2008-04-02 20:03 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-02 20:01 . 2007-10-11 01:49 383,488 --a------ C:\WINDOWS\system32\SETDB.tmp
2008-04-01 12:14 . 2008-04-01 12:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-04-01 00:00 . 2008-04-01 00:00 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Grisoft
2008-04-01 00:00 . 2008-04-01 00:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 00:00 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-31 18:26 . 2008-04-01 17:22 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Oberon Media
2008-03-30 17:51 . 2008-03-30 17:53 <REP> d-------- C:\Program Files\SpywareBlaster
2008-03-30 17:51 . 2008-03-31 19:25 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 17:37 . 2008-03-30 17:37 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Uniblue
2008-03-29 21:01 . 2008-03-29 21:02 <REP> d-------- C:\Program Files\WorldUnlock Codes Calculator
2008-03-25 21:41 . 2008-03-25 21:41 152,064 --a------ C:\deletedr.exe
2008-03-25 21:40 . 2008-03-25 21:40 282,585 --a------ C:\MSNCleaner 1.5.6[www.msncreative.net].zip
2008-03-25 21:40 . 2008-03-25 21:40 2,074 --a------ C:\omg-fix12-en.reg
2008-03-25 21:40 . 2008-03-25 21:40 1,723 --a------ C:\omg-delete12-en.bat
2008-03-23 22:26 . 2008-03-23 22:57 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-22 19:08 . 2008-03-30 17:45 <REP> d-------- C:\Downloads
2008-03-21 22:52 . 2008-03-21 22:52 <REP> d-------- C:\Program Files\Anuman Interactive
2008-03-21 22:52 . 1997-02-25 15:55 351,344 --a------ C:\WINDOWS\system\LTKRN70W.DLL
2008-03-21 22:52 . 1997-02-19 12:04 172,784 --a------ C:\WINDOWS\system\LFCMP70W.DLL
2008-03-21 22:52 . 1997-07-14 18:30 97,498 --a------ C:\WINDOWS\system\WALKER.DLL
2008-03-21 22:52 . 1997-05-12 19:16 72,046 --a------ C:\WINDOWS\system\GFXAPI.DLL
2008-03-21 22:52 . 1997-03-03 13:04 37,712 --a------ C:\WINDOWS\system\LTFIL70W.DLL
2008-03-21 22:52 . 1997-02-19 11:55 17,424 --a------ C:\WINDOWS\system\LTTWN70W.DLL
2008-03-21 22:52 . 1997-02-19 11:56 11,760 --a------ C:\WINDOWS\system\LFBMP70W.DLL
2008-03-21 22:52 . 1997-07-16 13:00 7,088 --a------ C:\WINDOWS\system\LFIMG70W.DLL
2008-03-17 19:29 . 2008-04-02 18:26 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:59 . 2008-03-16 19:49 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-16 19:59 . 2008-03-16 19:59 2,556 --a------ C:\WINDOWS\unins000.dat
2008-03-16 14:30 . 2008-03-16 14:30 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 14:08 . 2008-03-16 14:08 1,597 --a------ C:\Reprendre les téléchargements Adobe.lnk
2008-03-16 14:07 . 2008-03-16 14:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-03-16 13:09 . 2008-03-16 13:09 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-15 13:01 . 2008-03-28 01:00 244 --ah----- C:\sqmnoopt19.sqm
2008-03-15 13:01 . 2008-03-28 01:00 232 --ah----- C:\sqmdata19.sqm
2008-03-15 12:49 . 2008-03-24 01:01 244 --ah----- C:\sqmnoopt18.sqm
2008-03-15 12:49 . 2008-03-24 01:01 232 --ah----- C:\sqmdata18.sqm
2008-03-15 12:40 . 2008-03-23 22:18 244 --ah----- C:\sqmnoopt17.sqm
2008-03-15 12:40 . 2008-03-23 22:18 232 --ah----- C:\sqmdata17.sqm
2008-03-15 12:21 . 2008-03-22 01:13 244 --ah----- C:\sqmnoopt16.sqm
2008-03-15 12:21 . 2008-03-22 01:13 232 --ah----- C:\sqmdata16.sqm
2008-03-15 12:18 . 2008-03-19 17:28 244 --ah----- C:\sqmnoopt15.sqm
2008-03-15 12:18 . 2008-03-19 17:28 232 --ah----- C:\sqmdata15.sqm
2008-03-15 12:13 . 2008-03-19 12:45 244 --ah----- C:\sqmnoopt14.sqm
2008-03-15 12:13 . 2008-03-19 12:45 232 --ah----- C:\sqmdata14.sqm
2008-03-15 12:04 . 2008-03-19 01:01 244 --ah----- C:\sqmnoopt13.sqm
2008-03-15 12:04 . 2008-03-19 01:01 232 --ah----- C:\sqmdata13.sqm
2008-03-15 11:59 . 2008-04-01 21:39 244 --ah----- C:\sqmnoopt12.sqm
2008-03-15 11:59 . 2008-04-01 21:39 232 --ah----- C:\sqmdata12.sqm
2008-03-15 11:42 . 2008-04-01 21:26 244 --ah----- C:\sqmnoopt11.sqm
2008-03-15 11:42 . 2008-04-01 21:26 232 --ah----- C:\sqmdata11.sqm
2008-03-15 04:08 . 2008-04-01 20:56 244 --ah----- C:\sqmnoopt10.sqm
2008-03-15 04:08 . 2008-04-01 20:56 232 --ah----- C:\sqmdata10.sqm
2008-03-14 19:55 . 2008-04-01 20:00 244 --ah----- C:\sqmnoopt09.sqm
2008-03-14 19:55 . 2008-04-01 20:00 232 --ah----- C:\sqmdata09.sqm
2008-03-14 13:25 . 2008-04-01 19:02 244 --ah----- C:\sqmnoopt08.sqm
2008-03-14 13:25 . 2008-04-01 19:02 232 --ah----- C:\sqmdata08.sqm
2008-03-14 01:11 . 2008-04-01 18:38 244 --ah----- C:\sqmnoopt07.sqm
2008-03-14 01:11 . 2008-04-01 18:38 232 --ah----- C:\sqmdata07.sqm
2008-03-13 15:41 . 2008-02-02 23:48 862 --a------ C:\WINDOWS\win.tmp
2008-03-13 15:41 . 2008-01-10 11:50 257 --a------ C:\WINDOWS\system.tmp
2008-03-13 15:38 . 2008-03-13 15:38 <REP> d-------- C:\Documents and Settings\Didier\Application Data\PC Tools
2008-03-13 01:10 . 2008-04-01 17:50 244 --ah----- C:\sqmnoopt06.sqm
2008-03-13 01:10 . 2008-04-01 17:50 232 --ah----- C:\sqmdata06.sqm
2008-03-13 01:09 . 2008-03-13 01:09 0 --a------ C:\WINDOWS\system32\real.MSNFix
2008-03-12 16:43 . 2008-03-12 16:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-12 16:16 . 2008-03-16 14:10 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-03-12 12:48 . 2008-04-01 17:38 244 --ah----- C:\sqmnoopt05.sqm
2008-03-12 12:48 . 2008-04-01 17:38 232 --ah----- C:\sqmdata05.sqm
2008-03-12 12:20 . 2007-10-30 19:20 360,064 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-03-12 12:05 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-12 12:05 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-12 12:05 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-11 12:21 . 2008-03-11 12:21 <REP> d-------- C:\Program Files\Avira
2008-03-11 12:21 . 2008-03-29 12:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-09 21:26 . 2008-04-02 18:27 <REP> d-------- C:\Program Files\adslTV
2008-03-09 17:03 . 2008-03-09 17:03 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Lavasoft
2008-03-03 12:00 . 2005-06-18 01:15 1,338,368 -ra------ C:\WINDOWS\system\SHDOCVW.DLL
2008-03-03 12:00 . 1998-06-24 00:00 209,192 -ra------ C:\WINDOWS\system\TABCTL32.OCX
2008-03-03 12:00 . 2005-09-20 19:52 203,976 -ra------ C:\WINDOWS\system\RICHTX32.OCX
2008-03-03 12:00 . 2004-03-09 17:45 152,848 -ra------ C:\WINDOWS\system\comdlg32.ocx
2008-03-03 12:00 . 2000-10-02 00:00 119,568 -ra------ C:\WINDOWS\system\VB6FR.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 09:22 --------- d-----w C:\Program Files\scan
2008-04-02 22:08 --------- d-----w C:\Documents and Settings\Didier\Application Data\Azureus
2008-04-02 19:12 --------- d-----w C:\Program Files\Windows Live
2008-04-02 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 17:49 --------- d-----w C:\Program Files\Cheat Engine
2008-04-02 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-30 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 16:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-25 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-16 17:40 --------- d-----w C:\Program Files\Google
2008-03-16 12:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-12 13:35 --------- d-----w C:\Program Files\Azureus
2008-03-09 19:26 --------- d-----w C:\Documents and Settings\Didier\Application Data\vlc
2008-03-09 15:03 --------- d-----w C:\Program Files\Ad-Aware
2008-03-04 15:38 --------- d-----w C:\Program Files\Free Download Manager
2008-02-28 17:26 --------- d-----w C:\Documents and Settings\Didier\Application Data\Windows Live Writer
2008-02-27 19:39 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 19:37 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-23 20:23 --------- d-----w C:\Program Files\StopClope
2008-02-15 10:50 --------- d-----w C:\Documents and Settings\Didier\Application Data\CamfrogWEB
2008-02-15 10:25 --------- d-----w C:\Program Files\Belltech Business Card Designer Pro
2008-02-10 11:07 --------- d-----w C:\Program Files\Warcraft III
2008-02-03 13:15 --------- d-----w C:\Program Files\Skyline
2008-02-03 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
2008-02-01 17:01 274,301 ----a-w C:\WINDOWS\DJ Music Mixer Uninstaller.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2006-10-08 23:18 145,920 ----a-w C:\WINDOWS\inf\hdaudio.sys
2006-07-29 17:18 112 --sha-w C:\WINDOWS\system32\Vistadrive\unistl.cmd
.

------- Sigcheck -------

2004-08-04 02:55 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe

2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-10-09 01:19 578048 c1ba2463a2689d0ee0375de076454248 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 02:54 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-10-09 01:26 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2006-10-09 01:16 506880 1d5b0b4d441f8543b0e899adadb83356 C:\WINDOWS\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-02-28 08:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-10-09 01:36 2060160 dba3f9a6c596dc9fa91e73e5dc05c152 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-10-09 01:24 2183168 3eaecccf7cdc8c871ac9f2faefdc42e9 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-10-04 09:05 3116032 70342280d7bac042be4afdedc81c1ce7 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23 36864]
"Vistadrv"="C:\Windows\System32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07 907264]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-02 20:18 144448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-29 12:39 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Flash Media"="C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe" [2008-03-05 19:43 64156]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2006-09-08 15:12 678912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52 180224]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23 36864]
"Vistadrv"="C:\Windows\System32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07 907264]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= avnotify.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
-r------- 2006-03-28 16:48 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2006-04-10 15:58 61440 C:\Program Files\Brother\ControlCenter3\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-07-26 17:52 184408 C:\Program Files\Executive Software\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 20:30 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-19 20:27 65536 C:\Program Files\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2004-02-25 17:15 454656 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-02-25 17:06 212992 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 20:17 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 19:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a------ 2005-08-12 20:52 180224 C:\Program Files\UberIcon\UberIcon Manager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\DOCUME~1\\Manon\\LOCALS~1\\Temp\\services.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"60958:TCP"= 60958:TCP:*:Disabled:Azureus
"56497:TCP"= 56497:TCP:Pando P2P TCP Listening Port
"56497:UDP"= 56497:UDP:Pando P2P UDP Listening Port
"60958:UDP"= 60958:UDP:*:Disabled:Azureus

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2006-10-09 01:30]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-09 01:30]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 20:13]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 02:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07123b0-71d9-11dc-9fd8-000129211807}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 11:30:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [1980]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-03 11:30:46
ComboFix-quarantined-files.txt 2008-04-03 09:30:36
Pre-Run: 103,822,528,512 octets libres
Post-Run: 103,812,317,184 octets libres
.
2008-04-02 17:55:06 --- E O F ---

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Didier\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.122.199.237/activex/AMC.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008
3 April 2008 at 11:34
Hello, here is the ComboFix report:

ComboFix 08-04-02.1 - Didier 2008-04-03 11:28:18.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.462 [GMT 2:00]
Endroit: C:\Documents and Settings\Didier\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mrofinu1423.exe
C:\WINDOWS\system32\_000005_.tmp.dll
C:\WINDOWS\system32\_000006_.tmp.dll
C:\WINDOWS\system32\sysdm.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-03 to 2008-04-03 ))))))))))))))))))))))))))))))))))))
.

2008-04-02 20:36 . 2008-04-02 20:37 <REP> d-------- C:\MSNCleaner
2008-04-02 20:03 . 2008-04-02 20:03 1,355 --a------ C:\WINDOWS\imsins.BAK
2008-04-02 20:01 . 2007-10-11 01:49 383,488 --a------ C:\WINDOWS\system32\SETDB.tmp
2008-04-01 12:14 . 2008-04-01 12:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Grisoft
2008-04-01 00:00 . 2008-04-01 00:00 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Grisoft
2008-04-01 00:00 . 2008-04-01 00:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-04-01 00:00 . 2007-05-30 14:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-03-31 18:26 . 2008-04-01 17:22 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Oberon Media
2008-03-30 17:51 . 2008-03-30 17:53 <REP> d-------- C:\Program Files\SpywareBlaster
2008-03-30 17:51 . 2008-03-31 19:25 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-30 17:37 . 2008-03-30 17:37 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Uniblue
2008-03-29 21:01 . 2008-03-29 21:02 <REP> d-------- C:\Program Files\WorldUnlock Codes Calculator
2008-03-25 21:41 . 2008-03-25 21:41 152,064 --a------ C:\deletedr.exe
2008-03-25 21:40 . 2008-03-25 21:40 282,585 --a------ C:\MSNCleaner 1.5.6[www.msncreative.net].zip
2008-03-25 21:40 . 2008-03-25 21:40 2,074 --a------ C:\omg-fix12-en.reg
2008-03-25 21:40 . 2008-03-25 21:40 1,723 --a------ C:\omg-delete12-en.bat
2008-03-23 22:26 . 2008-03-23 22:57 <REP> d-------- C:\WINDOWS\BDOSCAN8
2008-03-22 19:08 . 2008-03-30 17:45 <REP> d-------- C:\Downloads
2008-03-21 22:52 . 2008-03-21 22:52 <REP> d-------- C:\Program Files\Anuman Interactive
2008-03-21 22:52 . 1997-02-25 15:55 351,344 --a------ C:\WINDOWS\system\LTKRN70W.DLL
2008-03-21 22:52 . 1997-02-19 12:04 172,784 --a------ C:\WINDOWS\system\LFCMP70W.DLL
2008-03-21 22:52 . 1997-07-14 18:30 97,498 --a------ C:\WINDOWS\system\WALKER.DLL
2008-03-21 22:52 . 1997-05-12 19:16 72,046 --a------ C:\WINDOWS\system\GFXAPI.DLL
2008-03-21 22:52 . 1997-03-03 13:04 37,712 --a------ C:\WINDOWS\system\LTFIL70W.DLL
2008-03-21 22:52 . 1997-02-19 11:55 17,424 --a------ C:\WINDOWS\system\LTTWN70W.DLL
2008-03-21 22:52 . 1997-02-19 11:56 11,760 --a------ C:\WINDOWS\system\LFBMP70W.DLL
2008-03-21 22:52 . 1997-07-16 13:00 7,088 --a------ C:\WINDOWS\system\LFIMG70W.DLL
2008-03-17 19:29 . 2008-04-02 18:26 <REP> d-------- C:\Program Files\a-squared Free
2008-03-16 19:59 . 2008-03-16 19:49 691,545 --a------ C:\WINDOWS\unins000.exe
2008-03-16 19:59 . 2008-03-16 19:59 2,556 --a------ C:\WINDOWS\unins000.dat
2008-03-16 14:30 . 2008-03-16 14:30 <REP> d-------- C:\Program Files\CCleaner
2008-03-16 14:08 . 2008-03-16 14:08 1,597 --a------ C:\Reprendre les téléchargements Adobe.lnk
2008-03-16 14:07 . 2008-03-16 14:07 <REP> dr------- C:\Documents and Settings\LocalService\Favoris
2008-03-16 13:09 . 2008-03-16 13:09 <REP> d--h----- C:\WINDOWS\system32\GroupPolicy
2008-03-15 13:01 . 2008-03-28 01:00 244 --ah----- C:\sqmnoopt19.sqm
2008-03-15 13:01 . 2008-03-28 01:00 232 --ah----- C:\sqmdata19.sqm
2008-03-15 12:49 . 2008-03-24 01:01 244 --ah----- C:\sqmnoopt18.sqm
2008-03-15 12:49 . 2008-03-24 01:01 232 --ah----- C:\sqmdata18.sqm
2008-03-15 12:40 . 2008-03-23 22:18 244 --ah----- C:\sqmnoopt17.sqm
2008-03-15 12:40 . 2008-03-23 22:18 232 --ah----- C:\sqmdata17.sqm
2008-03-15 12:21 . 2008-03-22 01:13 244 --ah----- C:\sqmnoopt16.sqm
2008-03-15 12:21 . 2008-03-22 01:13 232 --ah----- C:\sqmdata16.sqm
2008-03-15 12:18 . 2008-03-19 17:28 244 --ah----- C:\sqmnoopt15.sqm
2008-03-15 12:18 . 2008-03-19 17:28 232 --ah----- C:\sqmdata15.sqm
2008-03-15 12:13 . 2008-03-19 12:45 244 --ah----- C:\sqmnoopt14.sqm
2008-03-15 12:13 . 2008-03-19 12:45 232 --ah----- C:\sqmdata14.sqm
2008-03-15 12:04 . 2008-03-19 01:01 244 --ah----- C:\sqmnoopt13.sqm
2008-03-15 12:04 . 2008-03-19 01:01 232 --ah----- C:\sqmdata13.sqm
2008-03-15 11:59 . 2008-04-01 21:39 244 --ah----- C:\sqmnoopt12.sqm
2008-03-15 11:59 . 2008-04-01 21:39 232 --ah----- C:\sqmdata12.sqm
2008-03-15 11:42 . 2008-04-01 21:26 244 --ah----- C:\sqmnoopt11.sqm
2008-03-15 11:42 . 2008-04-01 21:26 232 --ah----- C:\sqmdata11.sqm
2008-03-15 04:08 . 2008-04-01 20:56 244 --ah----- C:\sqmnoopt10.sqm
2008-03-15 04:08 . 2008-04-01 20:56 232 --ah----- C:\sqmdata10.sqm
2008-03-14 19:55 . 2008-04-01 20:00 244 --ah----- C:\sqmnoopt09.sqm
2008-03-14 19:55 . 2008-04-01 20:00 232 --ah----- C:\sqmdata09.sqm
2008-03-14 13:25 . 2008-04-01 19:02 244 --ah----- C:\sqmnoopt08.sqm
2008-03-14 13:25 . 2008-04-01 19:02 232 --ah----- C:\sqmdata08.sqm
2008-03-14 01:11 . 2008-04-01 18:38 244 --ah----- C:\sqmnoopt07.sqm
2008-03-14 01:11 . 2008-04-01 18:38 232 --ah----- C:\sqmdata07.sqm
2008-03-13 15:41 . 2008-02-02 23:48 862 --a------ C:\WINDOWS\win.tmp
2008-03-13 15:41 . 2008-01-10 11:50 257 --a------ C:\WINDOWS\system.tmp
2008-03-13 15:38 . 2008-03-13 15:38 <REP> d-------- C:\Documents and Settings\Didier\Application Data\PC Tools
2008-03-13 01:10 . 2008-04-01 17:50 244 --ah----- C:\sqmnoopt06.sqm
2008-03-13 01:10 . 2008-04-01 17:50 232 --ah----- C:\sqmdata06.sqm
2008-03-13 01:09 . 2008-03-13 01:09 0 --a------ C:\WINDOWS\system32\real.MSNFix
2008-03-12 16:43 . 2008-03-12 16:43 <REP> d-------- C:\WINDOWS\ERUNT
2008-03-12 16:16 . 2008-03-16 14:10 <REP> d-------- C:\Documents and Settings\LocalService\Application Data\AdobeUM
2008-03-12 12:48 . 2008-04-01 17:38 244 --ah----- C:\sqmnoopt05.sqm
2008-03-12 12:48 . 2008-04-01 17:38 232 --ah----- C:\sqmdata05.sqm
2008-03-12 12:20 . 2007-10-30 19:20 360,064 -----c--- C:\WINDOWS\system32\dllcache\tcpip.sys
2008-03-12 12:05 . 2007-07-30 20:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-03-12 12:05 . 2007-07-30 20:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-03-12 12:05 . 2007-07-30 20:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-03-11 12:21 . 2008-03-11 12:21 <REP> d-------- C:\Program Files\Avira
2008-03-11 12:21 . 2008-03-29 12:37 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-03-09 21:26 . 2008-04-02 18:27 <REP> d-------- C:\Program Files\adslTV
2008-03-09 17:03 . 2008-03-09 17:03 <REP> d-------- C:\Documents and Settings\Didier\Application Data\Lavasoft
2008-03-03 12:00 . 2005-06-18 01:15 1,338,368 -ra------ C:\WINDOWS\system\SHDOCVW.DLL
2008-03-03 12:00 . 1998-06-24 00:00 209,192 -ra------ C:\WINDOWS\system\TABCTL32.OCX
2008-03-03 12:00 . 2005-09-20 19:52 203,976 -ra------ C:\WINDOWS\system\RICHTX32.OCX
2008-03-03 12:00 . 2004-03-09 17:45 152,848 -ra------ C:\WINDOWS\system\comdlg32.ocx
2008-03-03 12:00 . 2000-10-02 00:00 119,568 -ra------ C:\WINDOWS\system\VB6FR.DLL

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-03 09:22 --------- d-----w C:\Program Files\scan
2008-04-02 22:08 --------- d-----w C:\Documents and Settings\Didier\Application Data\Azureus
2008-04-02 19:12 --------- d-----w C:\Program Files\Windows Live
2008-04-02 18:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-02 17:49 --------- d-----w C:\Program Files\Cheat Engine
2008-04-02 16:26 --------- d-----w C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-03-30 18:11 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-03-30 16:01 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-25 19:13 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-22 12:23 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-16 17:40 --------- d-----w C:\Program Files\Google
2008-03-16 12:24 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-03-12 13:35 --------- d-----w C:\Program Files\Azureus
2008-03-09 19:26 --------- d-----w C:\Documents and Settings\Didier\Application Data\vlc
2008-03-09 15:03 --------- d-----w C:\Program Files\Ad-Aware
2008-03-04 15:38 --------- d-----w C:\Program Files\Free Download Manager
2008-02-28 17:26 --------- d-----w C:\Documents and Settings\Didier\Application Data\Windows Live Writer
2008-02-27 19:39 --------- d-----w C:\Program Files\Microsoft SQL Server Compact Edition
2008-02-27 19:37 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-02-23 20:23 --------- d-----w C:\Program Files\StopClope
2008-02-15 10:50 --------- d-----w C:\Documents and Settings\Didier\Application Data\CamfrogWEB
2008-02-15 10:25 --------- d-----w C:\Program Files\Belltech Business Card Designer Pro
2008-02-10 11:07 --------- d-----w C:\Program Files\Warcraft III
2008-02-03 13:15 --------- d-----w C:\Program Files\Skyline
2008-02-03 13:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skyline
2008-02-01 17:01 274,301 ----a-w C:\WINDOWS\DJ Music Mixer Uninstaller.exe
2008-02-01 10:17 587,264 ----a-w C:\WINDOWS\WLXPGSS.SCR
2006-10-08 23:18 145,920 ----a-w C:\WINDOWS\inf\hdaudio.sys
2006-07-29 17:18 112 --sha-w C:\WINDOWS\system32\Vistadrive\unistl.cmd
.

------- Sigcheck -------

2004-08-04 02:55 14336 1bd6c2f707a275cb7c16fd99fe0f31ca C:\WINDOWS\system32\svchost.exe

2007-03-08 17:50 579072 4d88aaf39adabfe45958ea1384e2c4ff C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
2006-10-09 01:19 578048 c1ba2463a2689d0ee0375de076454248 C:\WINDOWS\$NtUninstallKB925902$\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\user32.dll
2007-03-08 17:37 578560 753354f594809a9b96f73999b435a533 C:\WINDOWS\system32\dllcache\user32.dll

2004-08-04 02:54 82944 bc41f51a39d3b255805fdb759b7814ae C:\WINDOWS\system32\ws2_32.dll

2007-10-30 18:53 360832 64798ecfa43d78c7178375fcdd16d8c8 C:\WINDOWS\$hf_mig$\KB941644\SP2QFE\tcpip.sys
2006-10-09 01:26 360576 b2220c618b42a2212a59d91ebd6fc4b4 C:\WINDOWS\$NtUninstallKB941644$\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\dllcache\tcpip.sys
2007-10-30 19:20 360064 90caff4b094573449a0872a0f919b178 C:\WINDOWS\system32\drivers\tcpip.sys

2006-10-09 01:16 506880 1d5b0b4d441f8543b0e899adadb83356 C:\WINDOWS\system32\winlogon.exe

2004-08-04 01:14 182912 558635d3af1c7546d26067d5d9b6959e C:\WINDOWS\system32\drivers\ndis.sys

2004-08-04 01:00 29056 4448006b6bc60e6c027932cfc38d6855 C:\WINDOWS\system32\drivers\ip6fw.sys

2007-02-28 08:08 2061440 7a56a64eb50399613587e90292dd2aab C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntkrnlpa.exe
2006-10-09 01:36 2060160 dba3f9a6c596dc9fa91e73e5dc05c152 C:\WINDOWS\$NtUninstallKB931784$\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\Driver Cache\i386\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\ntkrnlpa.exe
2007-02-28 18:02 2059648 a1d5231403329478ae4fe2778c55c77f C:\WINDOWS\system32\dllcache\ntkrnlpa.exe

2007-02-28 18:08 2184192 8e244108562e0e452eb68dff64cb08a9 C:\WINDOWS\$hf_mig$\KB931784\SP2QFE\ntoskrnl.exe
2006-10-09 01:24 2183168 3eaecccf7cdc8c871ac9f2faefdc42e9 C:\WINDOWS\$NtUninstallKB931784$\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\Driver Cache\i386\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\ntoskrnl.exe
2007-02-28 18:02 2182400 7d6d19aac51a4325f6039f083c22303c C:\WINDOWS\system32\dllcache\ntoskrnl.exe

2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\explorer.exe
2007-06-13 15:10 1037312 b795475444d6d57a572c14b9e1a29839 C:\WINDOWS\$hf_mig$\KB938828\SP2QFE\explorer.exe
2006-10-04 09:05 3116032 70342280d7bac042be4afdedc81c1ce7 C:\WINDOWS\$NtUninstallKB938828$\explorer.exe
2007-06-13 15:22 1037312 d0288319660edcfed07c7e74c4ea38a5 C:\WINDOWS\system32\dllcache\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23 36864]
"Vistadrv"="C:\Windows\System32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07 907264]
"RoboForm"="C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2007-10-02 20:18 144448]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 02:54 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-10-22 13:22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 13:22 1622016 C:\WINDOWS\system32\nwiz.exe]
"Vistadrv"="C:\WINDOWS\system32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-10-22 13:22 86016]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-29 12:39 249896]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 11:25 6731312]
"Flash Media"="C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe" [2008-03-05 19:43 64156]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="C:\WINDOWS\system32\sti_ci.dll" [2006-09-08 15:12 678912]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"UberIcon"="C:\Program Files\UberIcon\UberIcon Manager.exe" [2005-08-12 20:52 180224]
"VisualTaskTips"="C:\Windows\System32\VisualTaskTips.exe" [2006-07-05 04:23 36864]
"Vistadrv"="C:\Windows\System32\Vistadrive\vsdrv.exe" [2006-07-30 03:37 121089]
"TweakRAM"="C:\Program Files\TweakRAM\TweakRAM.exe" [2006-04-15 18:07 907264]
"LClock"="C:\Program Files\LClock\lclock.exe" [2004-09-19 20:27 65536]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\disallowrun]
"1"= avnotify.exe

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Logitech Desktop Messenger.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Logitech Desktop Messenger.lnk
backup=C:\WINDOWS\pss\Logitech Desktop Messenger.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrMfcWnd]
-r------- 2006-03-28 16:48 622592 C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Camfrog]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
--------- 2006-04-10 15:58 61440 C:\Program Files\Brother\ControlCenter3\brctrcen.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DiskeeperSystray]
--a------ 2005-07-26 17:52 184408 C:\Program Files\Executive Software\Diskeeper\DkIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndexSearch]
--a------ 2005-03-17 20:30 40960 C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LClock]
--a------ 2004-09-19 20:27 65536 C:\Program Files\LClock\lclock.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LDM]
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BackWeb-8876480.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2004-02-25 17:15 454656 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2004-02-25 17:06 212992 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PaperPort PTD]
--a------ 2005-03-17 20:17 57393 C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetDefPrt]
--a------ 2005-01-26 19:02 49152 C:\Program Files\Brother\Brmfl06a\BrStDvPt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 01:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UberIcon]
--a------ 2005-08-12 20:52 180224 C:\Program Files\UberIcon\UberIcon Manager.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"C:\\Program Files\\Internet Explorer\\iexplore.exe"=
"C:\\Program Files\\Pando Networks\\Pando\\pando.exe"=
"C:\\DOCUME~1\\Manon\\LOCALS~1\\Temp\\services.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"60958:TCP"= 60958:TCP:*:Disabled:Azureus
"56497:TCP"= 56497:TCP:Pando P2P TCP Listening Port
"56497:UDP"= 56497:UDP:Pando P2P UDP Listening Port
"60958:UDP"= 60958:UDP:*:Disabled:Azureus

R0 Si3112;Si3112;C:\WINDOWS\system32\drivers\Si3112.sys [2006-10-09 01:30]
R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-09 01:30]
R1 VIAPFD;VIAPFD;C:\WINDOWS\system32\Drivers\VIAPFD.SYS [2001-12-18 14:45]
S3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 13:50]
S3 CEDRIVER53;CEDRIVER53;C:\Program Files\Cheat Engine\dbk32.sys [2006-10-27 20:13]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 22:58]
S3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-12-29 02:58]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a07123b0-71d9-11dc-9fd8-000129211807}]
\Shell\AutoRun\command - F:\RavMon.exe
\Shell\explore\Command - F:\RavMon.exe -e
\Shell\open\Command - F:\RavMon.exe

*Newly Created Service* - USNJSVC
*Newly Created Service* - WLSETUPSVC
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-03 11:30:06
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

? [1980]

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-03 11:30:46
ComboFix-quarantined-files.txt 2008-04-03 09:30:36
Pre-Run: 103,822,528,512 octets libres
Post-Run: 103,812,317,184 octets libres
.
2008-04-02 17:55:06 --- E O F ---

HijackThis report:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:32, on 4/3/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Didier\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.122.199.237/activex/AMC.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
3 April 2008 at 11:51
Re

3/ Restart in safe mode
(To do this: start the PC while tapping the F8 key until the Windows advanced options menu appears, then use the arrow keys to select Safe Mode and press Enter...)
Note that you have no Internet access in this mode, so write down or print the instructions that follow.
http://www.coupdepoucepc.com/modules/news/article.php?storyid=253
https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php




4/ Run HijackThis
then --> Do a system scan only
check the lines listed below
then --> Fix checked
then answer yes to the confirmation prompt


F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html (file missing)
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html (file missing)
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html (file missing)
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.122.199.237/activex/AMC.cab



Download the free version of Kerio

Kerio (firewall): remains free after the trial period, in French
https://kerio.probb.fr/
See this tutorial if you need help installing and configuring Kerio
https://kerio.probb.fr/
More info:
->https://kerio.probb.fr/

+ 1 HijackThis log

1
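An added example, not part of the original thread and not HijackThis's own logic: a small Python triage of HijackThis log lines using four heuristics that match several of the lines selected in the post above (a Userinit value carrying a second executable, autostart entries running from a Temp directory, entries whose file no longer exists, and an ActiveX download source given as a bare IP address). The rule names, function names and regular expressions are assumptions of this example; the sample lines are copied from the log posted in this thread.

```python
import re

# Lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.122.199.237/activex/AMC.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

# "<section code> - <rest of the entry>", e.g. "O4 - HKLM\..\Run: [...] ...".
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# A per-user Temp directory, in long or 8.3 short form.
TEMP_RE = re.compile(r"\\(?:LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
# HijackThis marks entries whose target file is gone.
ORPHAN_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# Download source addressed by raw IPv4 instead of a host name.
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}(?:[:/]|$)")

# Sections that describe something started automatically (assumed subset).
AUTOSTART_CODES = {"F2", "O4", "O23"}
# Sections that describe browser add-ons registered by CLSID.
ADDON_CODES = {"O2", "O3", "O9"}


def parse_line(line):
    """Return (code, body) for a HijackThis entry line, or None."""
    m = ENTRY_RE.match(line.strip())
    return (m.group("code"), m.group("body")) if m else None


def userinit_extras(body):
    """Executables listed in a Userinit value besides userinit.exe itself."""
    key, sep, value = body.partition("=")
    if not sep or not key.lower().endswith("userinit"):
        return []
    # The stock value ends with a trailing comma, so drop empty items.
    parts = [p.strip() for p in value.split(",") if p.strip()]
    return [p for p in parts if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]


def triage(log_text):
    """Return a list of (code, [rule names], body) for entries worth review."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if parsed is None:
            continue
        code, body = parsed
        reasons = []
        if code == "F2" and userinit_extras(body):
            reasons.append("userinit-extra")
        if code in AUTOSTART_CODES and TEMP_RE.search(body):
            reasons.append("temp-autostart")
        if code in ADDON_CODES and ORPHAN_RE.search(body):
            reasons.append("orphan-entry")
        if code == "O16" and IP_URL_RE.search(body):
            reasons.append("dpf-ip-source")
        if reasons:
            findings.append((code, reasons, body))
    return findings


if __name__ == "__main__":
    for code, reasons, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(reasons):<32}{body}")
```

A hit from these rules marks an entry for human review only; it is not a verdict that the file is malicious.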
sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008
3 April 2008 at 13:08
Re
I downloaded and installed Kerio; it asked me to restart, which I did, and since then there is nothing left on my desktop, only the wallpaper remains???
FYI, I am in safe mode right now
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275 > sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008
3 April 2008 at 13:16
Why are you in safe mode??
0
sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008 > ^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020
3 April 2008 at 13:25
because in normal mode I have nothing on my desktop
no taskbar, no icons, nothing, just the wallpaper
0
...{Tristan}... Posts 283 Registration date Wednesday 11 July 2007 Status Member Last activity 18 January 2010 16
17 March 2008 at 20:10
Hi there!!!

Download MSNFix and run it...

Keep me posted ++
0
hi, here is the MSNFix report
MSNFix 1.685

C:\Documents and Settings\Didier\Bureau\MSNFix
Fix exécuté le 17/03/2008 - 19:46:55,46 By Didier
mode normal

************************ Recherche les fichiers présents

... C:\WINDOWS\system32\real.txt

************************ Recherche les dossiers présents

Aucun dossier trouvé




************************ Suppression des fichiers

.. OK ... C:\DOCUME~1\Didier\LOCALS~1\Temp\winlogon.exe
.. OK ... C:\DOCUME~1\Didier\LOCALS~1\Temp\services.exe
.. OK ... C:\WINDOWS\system32\LOCALS~1
/!\ ... C:\WINDOWS\system32\real.txt



************************ Nettoyage du registre



Les fichiers encore présents seront supprimés au prochain redémarrage


************************ Suppression des fichiers

.. OK ... C:\WINDOWS\system32\real.txt
.. OK ... C:\WINDOWS\system32\LOCALS~1



************************ Fichiers suspects

/!\ ces fichiers nécessitent un avis expérimenté avant toute intervention

[C:\DOCUME~1\Didier\LOCALS~1\Temp\azplatform2_1.16.zip] ECDA1168AD8D8DEBD7A69C8B5B04DF6D
[C:\DOCUME~1\Didier\LOCALS~1\Temp\azupdater_1.8.8.zip] FE9F0AFA888DFF4FCF0AC6932C6B8CE0
[C:\DOCUME~1\Didier\LOCALS~1\Temp\azupnpav_0.2.0.zip] F26FD74D0FB64A779EFEB34AC6E6AC4D
[C:\deletedr.exe] 8A984E9032270A40C7E7FD10A5DCCEF2

[color=#FF0000][b]==>/b/color SVP merci d'envoyer le fichier [b] C:\DOCUME~1\Didier\Bureau\Upload_Me.zip /b sur http://upload.changelog.fr



Les fichiers et clés de registre supprimés ont été sauvegardés dans le fichier 17032008_19495342.zip

************************ HKLM\...\Winlogon\Userinit

Userinit = C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe


------------------------------------------------------------------------
Auteur : !aur3n7 Contact: https://www.ionos.fr/
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

thanks for being so quick
0

my son had the same thing and now it is no longer possible to open the XP session, it closes instantly, and in safe mode it is the same

I don't see what else to do apart from formatting
0
...{Tristan}... Posts 283 Registration date Wednesday 11 July 2007 Status Member Last activity 18 January 2010 16
17 March 2008 at 20:49
normally it's fine
how is it going with MSN?
0
for the moment it's OK
I downloaded MSNCleaner and ran a scan with it: one virus removed
I ran another scan with MSNFix: no file found, so I think everything is OK
thanks, I'll keep you posted if anything changes
See you
0
good evening, sorry to bother you but I still have a problem with MSN
here is the report made with HijackThis
can you help me? thanks, see you

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:41:16, on 3/25/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Executive Software\Diskeeper\DkIcon.exe
C:\MSNCleaner[www.msncreative.net].exe
C:\Program Files\Azureus\Azureus.exe
c:\program files\internet explorer\iexplore.exe
C:\Documents and Settings\Didier\Bureau\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Program Files\Copernic Desktop Search 2\DesktopSearchBand203000018.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Copernic Desktop Search 2] "C:\Program Files\Copernic Desktop Search 2\DesktopSearchService.exe" /tray
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide3] cmd.exe /C rundll32 advpack.dll,LaunchINFSection nLite.inf,C (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {2E28242B-A689-11D4-80F2-0040266CBB8D} (KXHCM10 Control) - http://202.213.247.128/kxhcm10.ocx
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - https://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.122.199.237/activex/AMC.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jinstall-6u3-windows-i586-jc.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://82.116.39.50/activex/AMC.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
1 April 2008 at 06:13
You should have them on your desktop.
0
sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008
1 April 2008 at 16:44
hello, I got an error during the AVG report so I cannot submit it to you
here is the HijackThis report

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:39:40, on 4/1/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\System32\VisualTaskTips.exe
C:\Program Files\TweakRAM\TweakRAM.exe
C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Didier\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.fr/toolbar/ie8/sidebar.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Vistadrv] C:\WINDOWS\system32\Vistadrive\vsdrv.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKLM\..\RunOnce: [WIAWizardMenu] RUNDLL32.EXE C:\WINDOWS\system32\sti_ci.dll,WiaCreateWizardMenu
O4 - HKCU\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe
O4 - HKCU\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [VisualTaskTips] C:\Windows\System32\VisualTaskTips.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [Vistadrv] C:\Windows\System32\Vistadrive\vsdrv.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [LClock] C:\Program Files\LClock\lclock.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [UberIcon] "C:\Program Files\UberIcon\UberIcon Manager.exe" (User 'Default user')
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Remplir - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Remplir le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Enregistrer - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Enregistrer le formulaire - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: Barre RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/advanced/2.0.2.3/cfweb_activex.camfrogweb.com-advanced-2.0.2.3_instmodule.exe
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://80.122.199.237/activex/AMC.cab
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
0
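Added example, not part of the original thread or of any tool mentioned in it: both HijackThis logs above still list `Temp\services.exe` in the `UserInit` value (F2) and under the `[Flash Media]` Run key (O4), and a short triage script can pick those startup entries out of a pasted log. The function names and the two heuristics (Temp directory, system process name outside system32) are assumptions made for this illustration.

```python
import re

# Constructed sample: lines copied from the HijackThis logs posted in this thread.
SAMPLE_LOG = r"""
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Flash Media] C:\DOCUME~1\Manon\LOCALS~1\Temp\services.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
"""

# Assumption: Windows process names that should only ever load from system32.
SYSTEM_NAMES = {"services.exe", "winlogon.exe", "svchost.exe", "lsass.exe",
                "csrss.exe", "smss.exe", "userinit.exe"}
IMAGE_RE = re.compile(r'^"([^"]+)"|^(.+?\.(?:exe|dll|com|scr|bat))\b', re.I)


def image_path(command):
    """Return the program part of a startup command line, without arguments."""
    m = IMAGE_RE.match(command.strip())
    if not m:
        return command.strip()
    return m.group(1) or m.group(2)


def path_reasons(path):
    """List the heuristics a program path trips (empty list: nothing to report)."""
    norm = path.lower()
    name = norm.rsplit("\\", 1)[-1]
    reasons = []
    if "\\temp\\" in norm:
        reasons.append("runs from a Temp directory")
    if name in SYSTEM_NAMES and "\\" in norm \
            and not norm.endswith("\\system32\\" + name):
        reasons.append("system process name outside system32")
    return reasons


def analyze(log):
    """Return (section, entry, path, reasons) for suspicious F2/O4 lines."""
    findings = []
    for raw in log.splitlines():
        line = raw.strip()
        if line.startswith("F2 - ") and "userinit=" in line.lower():
            # Userinit is a comma-separated list; every element runs at logon.
            value = line.split("=", 1)[1]
            for item in filter(None, (p.strip() for p in value.split(","))):
                if item.lower().endswith("\\system32\\userinit.exe"):
                    continue  # the legitimate first element
                reasons = ["extra program chained after userinit.exe"]
                findings.append(("F2", "Userinit", item,
                                 reasons + path_reasons(item)))
            continue
        m = re.match(r"^O4 - (\S+): \[([^\]]*)\] (.*)$", line)
        if m:
            # Drop the "(User '...')" suffix HijackThis adds for HKUS entries.
            command = re.sub(r" \(User '[^']*'\)$", "", m.group(3))
            path = image_path(command)
            reasons = path_reasons(path)
            if reasons:
                findings.append(("O4", m.group(2), path, reasons))
    return findings


if __name__ == "__main__":
    for section, entry, path, reasons in analyze(SAMPLE_LOG):
        print(f"{section} [{entry}] {path}: {'; '.join(reasons)}")
```

A flagged entry that survives a cleanup run means the registry value still points at the deleted file's path, so the value itself has to be reset as well.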
sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008
2 April 2008 at 20:21
good evening, here is the AVG report
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:50:08 4/2/2008

+ Résultat de l'analyse:



C:\Documents and Settings\Didier\Mes documents\Téléchargement\CryptLoad0.351 by moreno\router\FRITZ!Box\nc.exe -> Not-A-Virus.RemoteAdmin.Win32.NetCat : Ignoré.
C:\Documents and Settings\Didier\Mes documents\Téléchargement\CryptLoad_1.0.4\router\FRITZ!Box\nc.exe -> Not-A-Virus.RemoteAdmin.Win32.NetCat : Ignoré.
C:\Documents and Settings\Didier\Cookies\didier@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Manon\Cookies\manon@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\Manon\Cookies\manon@overture[1].txt -> TrackingCookie.Overture : Nettoyé.
C:\Documents and Settings\Manon\Cookies\manon@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\Didier\Cookies\didier@nrjmobile.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Didier\Cookies\didier@samsung.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Didier\Cookies\didier@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\Administrateur\Cookies\administrateur@m.webtrends[1].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Documents and Settings\Didier\Cookies\didier@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
C:\Program Files\Cheat Engine\Kernelmoduleunloader.exe -> Trojan.Lmir.ayr : Nettoyé et sauvegardé (mise en quarantaine).


Fin du rapport
0
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
3 April 2008 at 13:38
Re

Strange with Kerio ;;((
Did you follow the tutorials??

Try going to see Boulepate on my behalf on this forum
More info:
->https://kerio.probb.fr/

A Kerio pro
0
sped Posts 8 Registration date Tuesday 1 April 2008 Status Member Last activity 5 April 2008
5 April 2008 at 12:26
hi, thanks for your help, I chose the radical solution.... formatting lol....
one last little question:
do you know the NOD32 antivirus and what do you think of it? thanks

have a good weekend and thanks again
0